Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Outerinfo Popups


  • This topic is locked This topic is locked
12 replies to this topic

#1 plomper007

plomper007

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 09 November 2006 - 10:48 PM

hi
i followed all the steps before i posted the log i hope u can help me out this outerinfo is a nasty one to get out


Logfile of HijackThis v1.99.1
Scan saved at 10:42:17 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MoodLogic\Service\MLService.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\SKS~1\ati2evxx.exe
C:\WINDOWS\s?curity\e?plorer.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 72.3.210.161 www.8notes.com #0
O1 - Hosts: 207.126.123.20 graphicssoft.about.com #0
O1 - Hosts: 67.15.14.25 photoshop.pluginsworld.com #0
O1 - Hosts: 66.152.98.203 afunk.com #0
O1 - Hosts: 198.65.148.153 www.israelnationalnews.com #0
O1 - Hosts: 217.146.194.10 asta-killer.com #0
O1 - Hosts: 209.68.24.127 www.timeanddate.com #0
O1 - Hosts: 207.25.71.245 edition.cnn.com #0
O1 - Hosts: 64.236.16.84 www.cnn.com #0
O1 - Hosts: 216.83.98.5 www.compu-docs.com #0
O1 - Hosts: 64.12.131.62 www.mapquest.com #0
O1 - Hosts: 209.151.229.17 www.esystor.com #0
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com #0
O1 - Hosts: 67.19.235.68 www.free-codecs.com #0
O1 - Hosts: 70.84.249.84 www.geekstogo.com #0
O1 - Hosts: 72.14.207.104 72.14.207.104 #0
O1 - Hosts: 64.233.167.147 www.google.ca #0
O1 - Hosts: 66.33.220.31 www.hebcal.com #0
O1 - Hosts: 209.150.143.123 www.aishdas.org #0
O1 - Hosts: 216.53.71.4 www.otzar770.com #0
O1 - Hosts: 69.90.138.56 www.ufcw.ca #0
O1 - Hosts: 209.59.180.2 www.softwaretipsandtricks.com #0
O1 - Hosts: 206.191.20.44 www.jvc.ca #0
O1 - Hosts: 216.119.86.186 www.allaboutpromos.com #0
O1 - Hosts: 217.146.194.10 www.thekeys.ws #0
O1 - Hosts: 216.69.149.230 mya.securepaynet.net #0
O1 - Hosts: 62.212.84.61 www.nforce.nl #0
O1 - Hosts: 65.199.155.60 www.pcconnection.com #0
O1 - Hosts: 70.84.104.89 www.tutorialoutpost.com #0
O1 - Hosts: 198.37.36.40 www.pinnaclesys.com #0
O1 - Hosts: 66.203.115.26 www.real.com #0
O1 - Hosts: 207.61.25.39 www.royalsunalliance.ca #0
O1 - Hosts: 216.59.158.75 www.runtechmedia.net #0
O1 - Hosts: 132.204.136.20 lois.justice.gc.ca #0
O1 - Hosts: 208.196.93.204 www.goemerchant7.com #0
O1 - Hosts: 217.146.194.10 www.seriall.com #0
O1 - Hosts: 66.225.246.84 www.sofotex.com #0
O1 - Hosts: 70.85.60.100 www.dawnload.net #0
O1 - Hosts: 80.93.57.103 superserials.com #0
O1 - Hosts: 82.165.8.183 thepluginsite.com #0
O1 - Hosts: 203.22.204.75 www.tutorialguide.net #0
O1 - Hosts: 64.49.213.239 www.dvdirect.com #0
O1 - Hosts: 65.17.220.46 windowsxp.mvps.org #0
O1 - Hosts: 212.179.112.195 www.zooloo.co.il #0
O1 - Hosts: 213.193.214.22 www.downloads.nl #0
O1 - Hosts: 12.155.170.10 www.zipzoomfly.com #0
O1 - Hosts: 216.220.38.37 www.dellauction.com #0
O1 - Hosts: 143.166.224.178 www.dell.com #0
O2 - BHO: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SONYCO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F859740-0BA5-522F-D1CD-51A70258E299} - C:\WINDOWS\system32\xzmw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {D39525BE-B85E-E288-2B07-BD891009319D} - C:\WINDOWS\system32\xyow.dll (file missing)
O2 - BHO: (no name) - {EB7456EB-9E52-C1DD-2AE7-C39EF031579A} - C:\WINDOWS\system32\xkterbt.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MoodLogic Service] C:\Program Files\MoodLogic\Service\MLService.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\SKS~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Gqwlwhel] C:\WINDOWS\s?curity\e?plorer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mises à jour planifiées de Quicken.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!ANetSpeeder] NetSpeeder
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD1BE0CA-E603-4B66-B5AA-EE9D2BDA41AB}: NameServer = 192.168.2.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winooq32 - winooq32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

BC AdBot (Login to Remove)

 


#2 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 10 November 2006 - 07:55 AM

Hi and welcome. My name is Kairis and I will be helping you.
You have some crap there! But don't worry; we'll get you cleaned up!
Please follow my steps in the right order...
We'll start with this:
Go to start > controlpanel > add/remove programs and uninstall next if present:
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.

If OIN not listed, download and run this uninstaller.
Reboot when done! Really important!

Let's run some cleaning and diagnostic scans:
Step1:
Please download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step2:
Please download Combofix
to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Step3:
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file.
Make sure that AVG Anti-Spyware is closed before installing the update.

Step4:
In your next reply, please include the following logs: AVG A-S log, Fresh Hijackthis and ComboFix report. Thanks.

#3 plomper007

plomper007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 10 November 2006 - 12:26 PM

combofix log
steven - 06-11-10 10:55:57.40 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\steven\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\steven\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\steven\Application Data\SSEMBL~1
C:\QooBox\Purity\Documents and Settings\steven\Application Data\YMANTE~1
C:\QooBox\Purity\Documents and Settings\steven\doc2\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\steven\doc2\ECURIT~1
C:\QooBox\Purity\Documents and Settings\steven\doc2\ICROSO~1
C:\QooBox\Purity\Documents and Settings\steven\doc2\MCROSO~1.NET
C:\QooBox\Purity\Documents and Settings\steven\doc2\YMANTE~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SCURIT~1
C:\QooBox\Purity\WINDOWS\SEMBLY~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\STEM~1
C:\QooBox\Purity\WINDOWS\SCURIT~1\e?plorer.exe
C:\QooBox\Purity\WINDOWS\SYSTEM32\ASKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\DOBE~2
C:\QooBox\Purity\WINDOWS\SYSTEM32\ECURIT~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\FNTS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\MCROSO~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\SKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SKS~1\ati2evxx.exe
C:\QooBox\Purity\WINDOWS\SYSTEM32\SKS~1\SKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-09 22:30 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-11-09 17:21 2 --a------ C:\WINDOWS\SYSTEM32\wnsapisv.exe
2006-11-09 17:21 131,072 --a------ C:\WINDOWS\SYSTEM32\ioyfvj.dll
2006-11-09 13:43 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-10-30 11:45 109,568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2006-10-30 11:45 108,544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-25 20:33 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-24 17:20 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-10-24 17:20 4,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
2006-10-24 17:20 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-10-24 17:20 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-10-24 17:20 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-10-18 18:31 278,528 --a------ C:\WINDOWS\SYSTEM32\iFPSP.dll
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\N10.SYS
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ifpusb.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Ifp900.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Ifp800.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Ifp700.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Ifp500.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ifp300.sys
2006-10-18 18:31 14,531 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Ifp1000.sys
2006-10-18 16:52 28,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MLFILEM.SYS
2006-10-17 13:05 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-30 22:32 -------- d-------- C:\Program Files\Symantec
2006-11-10 10:57 -------- d-------- C:\Program Files\Common Files
2006-11-09 23:14 -------- d-------- C:\Program Files\Internet Explorer
2006-11-09 22:42 -------- d-------- C:\Program Files\HijackThis
2006-11-09 18:55 -------- d-------- C:\Program Files\Zone Labs
2006-11-08 14:53 -------- d-------- C:\Program Files\Java
2006-11-08 09:51 -------- d-------- C:\Program Files\Lx_cats
2006-11-04 22:43 -------- d-------- C:\Program Files\IKEA HomePlanner
2006-11-04 22:42 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-30 22:11 -------- d-------- C:\Program Files\MediaCoder
2006-10-30 12:00 -------- d-------- C:\Program Files\Norton SystemWorks
2006-10-30 11:58 -------- d-------- C:\Documents and Settings\steven\Application Data\DivX
2006-10-30 11:45 -------- d-------- C:\Program Files\DivX
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-25 20:33 -------- d-------- C:\Program Files\Grisoft
2006-10-24 17:52 146960 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\SymSnap.sys
2006-10-18 18:31 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-18 18:31 -------- d-------- C:\Program Files\iriver
2006-10-18 16:52 -------- d-------- C:\Program Files\MoodLogic
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2006-09-25 09:11 -------- d-------- C:\Program Files\Picasa2
2006-09-15 22:04 48816 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-24 08:49 20164 --a------ C:\Documents and Settings\steven\Application Data\wklnhst.dat
2006-08-21 07:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-10 18:03 73728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll
2006-08-10 18:03 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Aida"="\"C:\\WINDOWS\\system32\\SKS~1\\ati2evxx.exe\" -vt ndrv"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Gqwlwhel"="C:\\WINDOWS\\s?curity\\e?plorer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lxccmon.exe"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
"LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"MoodLogic Service"="C:\\Program Files\\MoodLogic\\Service\\MLService.exe"
"MoodLogic Updater"="C:\\Program Files\\MoodLogic\\Service\\Updater.exe"
"iRiver Updater"="\\Updater.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.allaboutpromos.com/product_images/h/346small.jpg"
"SubscribedURL"="http://www.allaboutpromos.com/product_images/h/346small.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:14,6d,e0,01,41,c0,b4,74,08,30,70,04,68,de,e0,01,20,6d,\
e0,01,b3,cd,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\acrotray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MUPS.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MUPS.lnk"
"backup"="C:\\WINDOWS\\pss\\MUPS.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BELKIN~1\\MUPS.exe "
"item"="MUPS"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\RAMASST.lnk"
"backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\SYSTEM32\\RAMASST.exe "
"item"="RAMASST"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^steven^Start Menu^Programs^Startup^Reminder-hpc40415.lnk]
"path"="C:\\Documents and Settings\\steven\\Start Menu\\Programs\\Startup\\Reminder-hpc40415.lnk"
"backup"="C:\\WINDOWS\\pss\\Reminder-hpc40415.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HPPHOT~1\\C200CA~1\\REGIST~1\\Remind32.exe "
"item"="Reminder-hpc40415"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSVR32"
"hkey"="HKLM"
"command"="REGSVR32.EXE /S CTASIO.DLL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTCMSGo"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\MediaSource\\Go\\CTCMSGo.exe /SCB"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dlbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iaanotif"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelMEM"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RuLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mnyexpr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPE"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\PINNAC~1\\PPE\\PPE.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spykiller"
"hkey"="HKCU"
"command"="C:\\Program Files\\SpyKiller\\spykiller.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScanMSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VsStat"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee\\McAfee VirusScan\\VsStat.exe\" /EMBEDDING"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxsnt40"
"hkey"="HKLM"
"command"="wfxsnt40.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winooq32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - steven.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: 06-11-10 11:00:05.17
C:\ComboFix.txt ... 06-11-10 11:00


Logfile of HijackThis v1.99.1
Scan saved at 11:46:26 AM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\s?curity\e?plorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 72.3.210.161 www.8notes.com #0
O1 - Hosts: 207.126.123.20 graphicssoft.about.com #0
O1 - Hosts: 67.15.14.25 photoshop.pluginsworld.com #0
O1 - Hosts: 66.152.98.203 afunk.com #0
O1 - Hosts: 198.65.148.153 www.israelnationalnews.com #0
O1 - Hosts: 217.146.194.10 asta-killer.com #0
O1 - Hosts: 209.68.24.127 www.timeanddate.com #0
O1 - Hosts: 207.25.71.245 edition.cnn.com #0
O1 - Hosts: 64.236.16.84 www.cnn.com #0
O1 - Hosts: 216.83.98.5 www.compu-docs.com #0
O1 - Hosts: 64.12.131.62 www.mapquest.com #0
O1 - Hosts: 209.151.229.17 www.esystor.com #0
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com #0
O1 - Hosts: 67.19.235.68 www.free-codecs.com #0
O1 - Hosts: 70.84.249.84 www.geekstogo.com #0
O1 - Hosts: 72.14.207.104 72.14.207.104 #0
O1 - Hosts: 64.233.167.147 www.google.ca #0
O1 - Hosts: 66.33.220.31 www.hebcal.com #0
O1 - Hosts: 209.150.143.123 www.aishdas.org #0
O1 - Hosts: 216.53.71.4 www.otzar770.com #0
O1 - Hosts: 69.90.138.56 www.ufcw.ca #0
O1 - Hosts: 209.59.180.2 www.softwaretipsandtricks.com #0
O1 - Hosts: 206.191.20.44 www.jvc.ca #0
O1 - Hosts: 216.119.86.186 www.allaboutpromos.com #0
O1 - Hosts: 217.146.194.10 www.thekeys.ws #0
O1 - Hosts: 216.69.149.230 mya.securepaynet.net #0
O1 - Hosts: 62.212.84.61 www.nforce.nl #0
O1 - Hosts: 65.199.155.60 www.pcconnection.com #0
O1 - Hosts: 70.84.104.89 www.tutorialoutpost.com #0
O1 - Hosts: 198.37.36.40 www.pinnaclesys.com #0
O1 - Hosts: 66.203.115.26 www.real.com #0
O1 - Hosts: 207.61.25.39 www.royalsunalliance.ca #0
O1 - Hosts: 216.59.158.75 www.runtechmedia.net #0
O1 - Hosts: 132.204.136.20 lois.justice.gc.ca #0
O1 - Hosts: 208.196.93.204 www.goemerchant7.com #0
O1 - Hosts: 217.146.194.10 www.seriall.com #0
O1 - Hosts: 66.225.246.84 www.sofotex.com #0
O1 - Hosts: 70.85.60.100 www.dawnload.net #0
O1 - Hosts: 80.93.57.103 superserials.com #0
O1 - Hosts: 82.165.8.183 thepluginsite.com #0
O1 - Hosts: 203.22.204.75 www.tutorialguide.net #0
O1 - Hosts: 64.49.213.239 www.dvdirect.com #0
O1 - Hosts: 65.17.220.46 windowsxp.mvps.org #0
O1 - Hosts: 212.179.112.195 www.zooloo.co.il #0
O1 - Hosts: 213.193.214.22 www.downloads.nl #0
O1 - Hosts: 12.155.170.10 www.zipzoomfly.com #0
O1 - Hosts: 216.220.38.37 www.dellauction.com #0
O1 - Hosts: 143.166.224.178 www.dell.com #0
O2 - BHO: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SONYCO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F859740-0BA5-522F-D1CD-51A70258E299} - C:\WINDOWS\system32\xzmw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {D39525BE-B85E-E288-2B07-BD891009319D} - C:\WINDOWS\system32\xyow.dll (file missing)
O2 - BHO: (no name) - {EB7456EB-9E52-C1DD-2AE7-C39EF031579A} - C:\WINDOWS\system32\xkterbt.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MoodLogic Service] C:\Program Files\MoodLogic\Service\MLService.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\SKS~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Gqwlwhel] C:\WINDOWS\s?curity\e?plorer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mises à jour planifiées de Quicken.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!ANetSpeeder] NetSpeeder
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD1BE0CA-E603-4B66-B5AA-EE9D2BDA41AB}: NameServer = 192.168.2.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winooq32 - winooq32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXEO23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\Syst

Edited by plomper007, 10 November 2006 - 03:15 PM.


#4 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 11 November 2006 - 05:20 AM

Hi there. Lets continue...
Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Step2:
Download Hoster

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.

Please set your system to show all files; please see here if you're unsure how to do this.

Step3:
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\WINDOWS\System32\ioyfvj.dll<==File

Step4:
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"

Click in the check-box to the left of each of the following entries, if found:

R3 - URLSearchHook: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 72.3.210.161 www.8notes.com #0
O1 - Hosts: 207.126.123.20 graphicssoft.about.com #0
O1 - Hosts: 67.15.14.25 photoshop.pluginsworld.com #0
O1 - Hosts: 66.152.98.203 afunk.com #0
O1 - Hosts: 198.65.148.153 www.israelnationalnews.com #0
O1 - Hosts: 217.146.194.10 asta-killer.com #0
O1 - Hosts: 209.68.24.127 www.timeanddate.com #0
O1 - Hosts: 207.25.71.245 edition.cnn.com #0
O1 - Hosts: 64.236.16.84 www.cnn.com #0
O1 - Hosts: 216.83.98.5 www.compu-docs.com #0
O1 - Hosts: 64.12.131.62 www.mapquest.com #0
O1 - Hosts: 209.151.229.17 www.esystor.com #0
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com #0
O1 - Hosts: 67.19.235.68 www.free-codecs.com #0
O1 - Hosts: 70.84.249.84 www.geekstogo.com #0
O1 - Hosts: 72.14.207.104 72.14.207.104 #0
O1 - Hosts: 64.233.167.147 www.google.ca #0
O1 - Hosts: 66.33.220.31 www.hebcal.com #0
O1 - Hosts: 209.150.143.123 www.aishdas.org #0
O1 - Hosts: 216.53.71.4 www.otzar770.com #0
O1 - Hosts: 69.90.138.56 www.ufcw.ca #0
O1 - Hosts: 209.59.180.2 www.softwaretipsandtricks.com #0
O1 - Hosts: 206.191.20.44 www.jvc.ca #0
O1 - Hosts: 216.119.86.186 www.allaboutpromos.com #0
O1 - Hosts: 217.146.194.10 www.thekeys.ws #0
O1 - Hosts: 216.69.149.230 mya.securepaynet.net #0
O1 - Hosts: 62.212.84.61 www.nforce.nl #0
O1 - Hosts: 65.199.155.60 www.pcconnection.com #0
O1 - Hosts: 70.84.104.89 www.tutorialoutpost.com #0
O1 - Hosts: 198.37.36.40 www.pinnaclesys.com #0
O1 - Hosts: 66.203.115.26 www.real.com #0
O1 - Hosts: 207.61.25.39 www.royalsunalliance.ca #0
O1 - Hosts: 216.59.158.75 www.runtechmedia.net #0
O1 - Hosts: 132.204.136.20 lois.justice.gc.ca #0
O1 - Hosts: 208.196.93.204 www.goemerchant7.com #0
O1 - Hosts: 217.146.194.10 www.seriall.com #0
O1 - Hosts: 66.225.246.84 www.sofotex.com #0
O1 - Hosts: 70.85.60.100 www.dawnload.net #0
O1 - Hosts: 80.93.57.103 superserials.com #0
O1 - Hosts: 82.165.8.183 thepluginsite.com #0
O1 - Hosts: 203.22.204.75 www.tutorialguide.net #0
O1 - Hosts: 64.49.213.239 www.dvdirect.com #0
O1 - Hosts: 65.17.220.46 windowsxp.mvps.org #0
O1 - Hosts: 212.179.112.195 www.zooloo.co.il #0
O1 - Hosts: 213.193.214.22 www.downloads.nl #0
O1 - Hosts: 12.155.170.10 www.zipzoomfly.com #0
O1 - Hosts: 216.220.38.37 www.dellauction.com #0
O1 - Hosts: 143.166.224.178 www.dell.com #0
O2 - BHO: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - C:\WINDOWS\system32\ioyfvj.dll
O2 - BHO: (no name) - {5F859740-0BA5-522F-D1CD-51A70258E299} - C:\WINDOWS\system32\xzmw.dll (file missing)
O2 - BHO: (no name) - {D39525BE-B85E-E288-2B07-BD891009319D} - C:\WINDOWS\system32\xyow.dll (file missing)
O2 - BHO: (no name) - {EB7456EB-9E52-C1DD-2AE7-C39EF031579A} - C:\WINDOWS\system32\xkterbt.dll (file missing)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Gqwlwhel] C:\WINDOWS\s?curity\e?plorer.exe
O20 - Winlogon Notify: winooq32 - winooq32.dll (file missing)



Select Fix Checked

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Step5:
Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gqwlwhel"=-

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

Step6:
In your next reply, please include Fresh Hijackthis, Thanks.

#5 plomper007

plomper007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 11 November 2006 - 10:10 PM

thanks for the help
here is a new log


Logfile of HijackThis v1.99.1
Scan saved at 10:03:41 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MoodLogic\Service\MLService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SONYCO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F859740-0BA5-522F-D1CD-51A70258E299} - C:\WINDOWS\system32\xzmw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MoodLogic Service] C:\Program Files\MoodLogic\Service\MLService.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\SKS~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mises à jour planifiées de Quicken.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!ANetSpeeder] NetSpeeder
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD1BE0CA-E603-4B66-B5AA-EE9D2BDA41AB}: NameServer = 192.168.2.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#6 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 12 November 2006 - 03:27 AM

Hi again.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on,
then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".
It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection.
In general terms, the two programs may conflict and cause:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Norton.
************************************************************************
************************************************************************
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key
    until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save
    it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
************************************************************************
************************************************************************
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
R3 - URLSearchHook: (no name) - {00E506EB-9D01-C6D2-2C52-C8CE65B8BAC2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {5F859740-0BA5-522F-D1CD-51A70258E299} - C:\WINDOWS\system32\xzmw.dll (file missing)
Select Fix Checked
************************************************************************
************************************************************************
Reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and fresh HJT log, thanks.

#7 plomper007

plomper007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 12 November 2006 - 12:48 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:42:00 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\MoodLogic\Service\MLService.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SONYCO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MoodLogic Service] C:\Program Files\MoodLogic\Service\MLService.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\SKS~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mises à jour planifiées de Quicken.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!ANetSpeeder] NetSpeeder
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD1BE0CA-E603-4B66-B5AA-EE9D2BDA41AB}: NameServer = 192.168.2.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

i only have the free avg anti virus and it says no threats found

#8 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 13 November 2006 - 02:58 AM

Hi.
Please copy the following text in the codebox below (starting from @echo off..) to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat. to your desktop.

@echo off
sc stop "Automatic LiveUpdate Scheduler"
sc delete "Automatic LiveUpdate Scheduler"
Double-click on Removeservice.bat. A window will pop up and close. This is normal. Please reboot.

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\Program Files\Symantec<==Folder
Please run AVG A-S.
How the system running now?

#9 plomper007

plomper007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 14 November 2006 - 12:27 PM

thanks :thumbsup:
the popups stopped :flowers:
how do you think it got in how do i prevent another attack?

avg a-s is showing

+ Created at: 12:26:14 PM 11/14/2006

+ Scan result:



C:\Documents and Settings\steven\Cookies\steven@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\steven\Cookies\steven@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\steven\Cookies\steven@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\steven\Cookies\steven@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\steven\Cookies\steven@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.


::Report end

Edited by plomper007, 14 November 2006 - 12:29 PM.


#10 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 14 November 2006 - 12:41 PM

After reviewing your log, it appears to be clean of any malware. Please notify me of any problems you still are having. Other than that, you MUST take the time to read my.........
Posted ImagePosted ImagePosted ImagePosted Image
First let us rehide your System Files
  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Uncheck Show hidden files and folders in the Hidden files and folders section.
  • Select Hide protected operating system files (recommended) option.
  • Check the Hide file extensions for known file types option.
  • ClickYes.
  • Click OK
Next, let us reset your system restore points. Please follow these simple steps in order:

Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Clickthe System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

    Restart your computer

  • Turn ON System Restore.
  • On the Desktop, right-clickMy Computer.
  • Click Properties.
  • Click theSystem Restore tab.
  • Un-Check Turn off System Restore.
  • Click Apply, and then clickOK.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Posted Image

Next, if they're not already present, I would recommend the download and installation of some of the following anti-spyware programs, and the updating of them regularly. Having only a firewall and anti-virus software is not enough to keep you safe from spyware, as both are mostly weak against the onslaught of spyware today out there on the internet :
  • Spyware Blaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. SpywareBlaster is free. A tutorial can be found here.
  • IE Spyad - IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites. IE-SPYAD is free. A tutorial can be found here.
  • Spyware Doctor - Spyware Doctor is a top-rated malware & spyware removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, trojans, keyloggers, spybots and tracking threats. Protect your privacy and computing habits from prying eyes and virtual trespassers with the help of Spyware Doctor. This one you will have to pay, but it is worth every penny.
  • Windows Defender (Beta 2) - Free program from Microsoft that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.
  • Fire Trust Sitehound - Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.
  • WinPatrol - WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files. This one is free but has a "Plus" version that you can pay for.
  • A-squared - Free version can scan for worms, trojans, dialers and spyware. The non-free version has realtime-monitoring.
  • ewido anti-malware - Highly underrated from the beginning by most critics, ewido anti-malware offers protection from spyware, adware, trojans and dialers. The first time you download it, it will have realtime-monitoring. After the trial, the realtime-monitoring disappears but you will still be able to use it for scanning and removing present infections for free.
  • Spysweeper - Webroot's Spy Sweeper is well known for being one of the better spyware detection and removal programs. A 30-day free trial is available, however, it will not remove any spyware it detects; for that, you'll need to purchase the product.
  • SpywareGuard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! This one is absolutely free.


    ALERT: Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You can find the list here.
Alternate Web Browsers


Because of the way Microsoft Windows is designed, Microsoft Internet Explorer is deeply embedded into Windows. This allows spyware and adware deep access to the Windows operating system. In addition, Internet Explorer has "features" that are exploited by the spyware authors, such as ActiveX and other integrated scripting operations. Since IE comes with every copy of Windows, it's easy for the spyware authors to assume those features are present and active.

There are several alternative web browsers that have fewer vulnerabilities. Firefox and Opera are excellent choices to replace IE.


1) Mozilla Firefox - Firefox is a light, small, fast browser that has all the standard features of a web browser and has fewer vulnerabilities.
2) Opera Web Browser- Opera displays security information inside the address bar that indicates the level of security present on a site. Opera also provides protection against phishing attacks and automatically checks for security updates.


Note: All Microsoft Updates can only be downloaded/viewed through the Internet Explorer web browser.

Had a hard time with Malware? Then make your complaint and Stand Up and Be Counted HERE!!

You can post a complaint here in that forum through the purple link above. There is no need to register. Let your voice be heard on how and why you got infected and share it with others. Remember, a little complaint can go a long way to stopping the spread of malware on the internet.

Keep your Sun Java UP-TO-DATE!!!

It is very important not only to keep Sun Java up to date but also to remove older versions which have security holes and can be exploited by malware.

- To check what version you have installed, please go here. If your Java version does not match the latest one found here, you will need to update it by clicking your download choice (preferably 'Windows Online Installation') and following the instructions listed.

- If you do need to update your Sun Java, you must uninstall all older versions by the Add/Remove Programs in the Control Panel first.


Finally, keep your Microsoft-based operating system up to date!!!!!! Visit Microsoft Update regularly for the latest protection!!!!!

Goodbye and keep safe!! Don't let me see you around here again!!! :thumbsup:

#11 plomper007

plomper007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 15 November 2006 - 10:41 AM

hi
thanks for all the great support
keep up the good job
i got this e-mail from
outerinfo support
what do u think of their solution?


) Run OIUninstaller.exe
2) Confirm the program is gone from Add / Remove Programs
3) Click on "Start"
4) Click on "Run"
5) Type "notepad C:\WINDOWS\system32\drivers\etc\hosts"
6) Add the following lines to the end of that file:
127.0.0.1 cu.outerinfo.com
7) Click on "File"
8) Click on "Save"
9) Click on "File"
10) Click on "Exit"
11) Reboot your computer
12) Did OIN come back?
13) If not, then it will never come back on your computer. If it did
manage to come back, please run the attached program OINDetect.exe
(contained within OINDetect.zip) and email us with the text in the
"data" and "info" fields.



steven kaminsky wrote:
> the outer info popups dont stop even after i used the uninstall program
> im having a bad time with the outerinfo popups nothing is making them stop
> please advise how to get it out forever

#12 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 15 November 2006 - 02:00 PM

Hi.
Yes, You can add 127.0.0.1 cu.outerinfo.com to the Hosts-file.
Check this

Edited by kairis, 15 November 2006 - 02:02 PM.


#13 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:05 PM

Posted 21 November 2006 - 01:40 PM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users