
360 Share Pro.....


13 replies to this topic

#1 donnacarteruk


Posted 27 November 2006 - 09:21 PM

I am getting a 360 share pro pop up screen each time I turn on or log on to my pc. I have tried to uninstall it from the add/remove programs list but I can't seem to get rid of it completely.
Also, when running the Panda scan listed on your help pages to get to doing this log, I had an awful lot of spyware (about 57 I think) and two hacking/rootkits. I followed the link to disinfect my pc but it wanted me to pay £8.49. I put in all my details to pay it but it wouldn't go through. I kept getting an error saying that the application was not allowed! Also, Housecall Antivirus didn't work. The page would only half download....

Here is my Hijackthis Log...

Logfile of HijackThis v1.99.1
Scan saved at 02:12:06, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Documents and Settings\Donna\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9307A1-DEAB-488F-8E94-9CC4DD0B40FB}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 


#2 SifuMike


Posted 28 November 2006 - 12:26 AM

Hello donnacarteruk,

I am SifuMike and I will be helping you. :thumbsup:


Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :flowers:
Be Patient, as it can take many hours to run.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.



Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
5. Click on "Save Report" to view all completed scans.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware 7.5

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log, a fresh Hijackthis log and tell me how your computer is running.

Edited by SifuMike, 28 November 2006 - 12:34 AM.


#3 donnacarteruk


Posted 28 November 2006 - 12:59 PM

Bitdefender says No problems were found.....

#4 donnacarteruk


Posted 28 November 2006 - 01:57 PM

AVG Antispyware log;
Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Cy\Cookies\cy@adviva[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Cy\Cookies\cy@bfast[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Cy\Cookies\cy@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Cy\Cookies\cy@cgi-bin[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cy\Cookies\cy@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Cy\Cookies\cy@data.coremetrics[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Cy\Cookies\cy@xmts[2].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Cy\Local Settings\Temporary Internet Files\Content.IE5\WZ6B2280\channels_02[1].gif
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.target.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.target.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Donna\Cookies\donna@adviva[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Donna\Cookies\donna@anm.co[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Donna\Cookies\donna@atdmt[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Donna\Cookies\donna@bfast[1].txt
Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Donna\Cookies\donna@bilbo.counted[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Donna\Cookies\donna@bravenet[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Donna\Cookies\donna@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Donna\Cookies\donna@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Donna\Cookies\donna@counter.hitslink[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Donna\Cookies\donna@data.coremetrics[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Donna\Cookies\donna@did-it[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Donna\Cookies\donna@go[2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Donna\Cookies\donna@research-int[1].txt
Spyware:Cookie/Servlet Not disinfected C:\Documents and Settings\Donna\Cookies\donna@servlet[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Donna\Cookies\donna@statse.webtrendslive[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Donna\Cookies\donna@target[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Donna\Cookies\donna@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Donna\Cookies\donna@xmts[2].txt
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe

#5 donnacarteruk


Posted 28 November 2006 - 02:00 PM

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:40, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Donna\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9307A1-DEAB-488F-8E94-9CC4DD0B40FB}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#6 donnacarteruk


Posted 28 November 2006 - 02:01 PM

My computer seems to be running faster now. Although I am still getting that stupid 360 share pro pop up at start up and log on.....

#7 SifuMike


Posted 28 November 2006 - 02:13 PM

Hi Donna,

It looks like you posted the wrong log. :thumbsup: The log you posted is from Panda ActiveScan, not from AVG AntiSpyware.

If you have run the AVG antispyware, then please post it. :flowers:
If you have not run it yet, please run it per my previous instructions. It has to be run in the Safe Mode.

Although I am still getting that stupid 360 share pro pop up at start up and log on.....


We will take care of that shortly.


Before we start, you need to realise that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.
I recommend you download the free
AntiVir or
AVG antivirus or
Avast
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!


Let me know when you have installed the antivirus.
Thanks.

Edited by SifuMike, 28 November 2006 - 02:40 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 donnacarteruk


Posted 28 November 2006 - 06:50 PM

:thumbsup:

Here is the AVG report.....


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:50:37 28/11/2006

+ Scan result:



C:\Program Files\360Share Pro\Gui\$300 FREE Casino Tropez.exe -> Adware.Casino : Cleaned.
C:\Program Files\360Share Pro\Gui\$500 FREE Titan Poker.exe -> Adware.Casino : Cleaned.
C:\Program Files\360Share Pro\Gui\$888 FREE Vegas Red.exe -> Adware.Casino : Cleaned.
:mozilla.667:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.669:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.975:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.991:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.241:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.852:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.853:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.893:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.899:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.900:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.902:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.903:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.629:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.946:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.947:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.948:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.949:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.950:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.605:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.70:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.778:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.815:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.880:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.740:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.847:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.850:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.851:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.866:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.867:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.870:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.872:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.873:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.874:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.875:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.876:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.884:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.888:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.889:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.894:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.895:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.901:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.904:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.905:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.906:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.794:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.813:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.816:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.810:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.711:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.728:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.729:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.730:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.733:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.727:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.731:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.732:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.734:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.665:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.668:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.674:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.579:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.580:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.581:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.582:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.583:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.584:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.602:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.603:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.610:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.611:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.637:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.638:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.639:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.632:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.633:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.857:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.81:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.26:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.44:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.54:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ainuxr7f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#9 SifuMike


Posted 28 November 2006 - 06:56 PM

Hi Donna,

Please post a fresh Hijackthis log :thumbsup:

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 donnacarteruk


Posted 28 November 2006 - 07:00 PM

I have installed the AVG Antivirus. It is doing a scan now. I had Norton on the PC until last night when I took it all off as I couldn't figure out how to disable it and thought it might interfere with the scans I was doing....
Is it any good and should I put it back on again?

#11 donnacarteruk


Posted 28 November 2006 - 07:02 PM

The latest Hijackthis log....

Logfile of HijackThis v1.99.1
Scan saved at 23:58:24, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Documents and Settings\Donna\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9307A1-DEAB-488F-8E94-9CC4DD0B40FB}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#12 SifuMike


Posted 28 November 2006 - 07:16 PM

Hi donna,

I have installed the AVG Antivirus. It is doing a scan now. I had Norton on the PC until last night when I took it all off as I couldn't figure out how to disable it and thought it might interfere with the scans I was doing....
Is it any good and should I put it back on again?


Let AVG antivirus finish scanning and remove anything it finds.
Since you paid for Norton Antivirus, you should reinstall it (but after you uninstall AVG antivirus, of course). Norton Antivirus is a good program. :thumbsup:

When I looked at your previous log I did not see Norton Antivirus installed, so that was the reason I asked you to install a free antivirus program. You need to have an antivirus running constantly to prevent viruses from getting on your computer.



See if you can uninstall 360Share Pro. If not, then that's OK.


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears. Use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe



*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.
Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\Program Files\360Share Pro\ <==folder


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
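
Confirming that a fix list like the one above took effect means comparing the log posted before the fix with the log posted after it. The sketch below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the sample logs are trimmed excerpts of the logs in this thread.

```python
import re
from collections import Counter

# HijackThis entry lines have the form "<section> - <detail>", e.g. "O4 - Startup: ...".
ENTRY_RE = re.compile(r"^(?P<section>[ROFN]\d{1,2}) - (?P<detail>.+)$")

# Constructed sample input: trimmed excerpts of the logs in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:58:24, on 28/11/2006
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 01:40:43, on 29/11/2006
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# The entries the helper asked to have fixed (duplicates collapse when parsed).
FIX_LIST = r"""
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
"""


def parse_entries(log_text):
    """Count (section, detail) entries; header and process lines are skipped."""
    entries = Counter()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[(m.group("section"), m.group("detail").strip())] += 1
    return entries


def hosts_redirects(entries):
    """Map each hostname in O1 (hosts file) entries to the set of IPs it is pinned to."""
    redirects = {}
    for section, detail in entries:
        if section != "O1" or not detail.startswith("Hosts:"):
            continue
        parts = detail[len("Hosts:"):].split()
        if len(parts) >= 2:
            for name in parts[1:]:
                redirects.setdefault(name.lower(), set()).add(parts[0])
    return redirects


def verify_fix(before, after, fix_list):
    """Classify every entry on the fix list by comparing the two logs."""
    report = {"removed": [], "still_present": [], "never_present": []}
    for entry in fix_list:
        if entry in after:
            report["still_present"].append(entry)   # fix did not take, or entry came back
        elif entry in before:
            report["removed"].append(entry)
        else:
            report["never_present"].append(entry)   # typo in the fix list or wrong log
    return report


def unexpected_changes(before, after, fix_list):
    """Entries that changed between the logs without being on the fix list."""
    fixes = set(fix_list)
    vanished = sorted(e for e in before if e not in after and e not in fixes)
    appeared = sorted(e for e in after if e not in before)
    return {"vanished": vanished, "appeared": appeared}


if __name__ == "__main__":
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    fixes = list(parse_entries(FIX_LIST))
    for status, items in verify_fix(before, after, fixes).items():
        for section, detail in items:
            print(f"{status:14} {section} - {detail}")
    print("hosts overrides before:", hosts_redirects(before))
    print("hosts overrides after: ", hosts_redirects(after))
    print("unexpected:", unexpected_changes(before, after, fixes))
```

An entry reported as still_present after a reboot usually means something recreated it, which is why the helper asks for a fresh log rather than assuming the fix held.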

#13 donnacarteruk


Posted 28 November 2006 - 08:54 PM

latest log:

Logfile of HijackThis v1.99.1
Scan saved at 01:40:43, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Donna\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9307A1-DEAB-488F-8E94-9CC4DD0B40FB}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Ok, so now my laptop is running faster, logging on quicker and that stupid smiley 360 Share Pro that popped up on log on is gone! (Does a little victory wiggle round the table :thumbsup: :flowers: )

So now that's all done, is there anything else that needs to be done? Do I need to uninstall all these bits I have installed in the last couple of hours?
I have Norton Internet Security. Is that an antivirus as well, or should I just stick with the AVG one I have now? I got the Norton stuff half price with my laptop (good old PC World) with Norton Ghost 9.0 and 10.0 and Norton Go Back. Not sure what they're for. Put them on the PC once but it slowed it right down and got really annoying so I took it off again.

Anyhow, am going to sleep now as I have spent the last couple of nights propping my eyes open and eating sweeties waiting for scans to finish :huh:

Thank you so so so much for all your help. I really could not have done it without you. Please tell me you get paid for this and you don't do it for nada?
P.S A donation will be coming through. Just need to get my tax rebate sorted (new job, NHS payroll @*!& up... What's new :huh: )

Edited by donnacarteruk, 28 November 2006 - 08:56 PM.
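
The HijackThis log in the post above follows a fixed `code - body` line format, so it can be triaged mechanically. The following is an added example, not part of the original post and not HijackThis's own logic: it parses an excerpt of that log and lists entries worth a manual look. The three review heuristics are this example's assumptions and are prompts for a reviewer, not verdicts about the entries.

```python
import re
from collections import defaultdict

# Excerpt of the log from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9307A1-DEAB-488F-8E94-9CC4DD0B40FB}: NameServer = 80.225.250.178 80.225.250.186
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \(.+\))? - (?P<url>\S+)$")

def parse(log):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].append(m["body"])
    return sections

def review_items(sections):
    """Return (code, reason, detail) prompts for manual review; not verdicts."""
    items = []
    for body in sections.get("O4", []):
        m = RUN.match(body)
        # A bare file name is resolved through the search path at logon.
        if m and not re.match(r'^"?[A-Za-z]:\\', m["cmd"]):
            items.append(("O4", "autostart without full path", m["name"]))
    for body in sections.get("O16", []):
        m = DPF.match(body)
        if m and m["url"].lower().startswith("http://"):
            items.append(("O16", "ActiveX fetched over plain HTTP", m["clsid"]))
    for body in sections.get("O17", []):
        if "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            items.append(("O17", "static DNS servers set", " ".join(servers)))
    return items

if __name__ == "__main__":
    for item in review_items(parse(SAMPLE_LOG)):
        print(*item, sep=" | ")
```
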


#14 SifuMike

SifuMike

    malware expert



Posted 28 November 2006 - 10:28 PM

Hi Donna,

Ok, so now my laptop is running faster, logging on quicker and that stupid smiley 360 Share Pro that popped up on log on is gone! (Does a little victory wiggle round the table


Like this: :huh:
:flowers: :huh: :huh:

So now that's all done, is there anything else that needs to be done?


Yes, let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Please read and follow
How did I get infected?, With steps so it does not happen again!

Do I need to uninstall all these bits I have installed in the last couple of hours?


It is not mandatory that you uninstall them.
You should have one temp file cleaner on your computer. You have CCleaner and ATF (Atribune Temp File) Cleaner, so choose the one you like and uninstall the other one. :huh:

You can uninstall AVG Anti-Spyware 7.5 if you want. It is free for one month, then the bells and whistles turn off, but the program still works.

I have Norton Internet Security. Is that an antivirus as well, or should I just stick with the AVG one I have now? I got the Norton stuff half price with my laptop (good old PC World) with Norton Ghost 9.0 and 10.0 and Norton Go Back. Not sure what they're for. Put them on the PC once but it slowed it right down and got really annoying so I took it off again.




Norton Internet Security

Detects and blocks spyware, viruses, and adware
Automatically blocks intruders and identity thieves
Automatically filters spam and dangerous phishing email
Blocks Web sites you don’t want your children to visit
Gives you control over all incoming and outgoing Internet traffic
Automatically scans email and instant-message attachments and removes viruses, Trojan horses, and worms
Includes Norton AntiVirus, Norton Personal Firewall, Norton Privacy Control, Norton AntiSpam, and Norton Parental Control


Norton Ghost 10

Creates full backups of your PC's contents
Restores individual files or entire hard drive
Monitors and optimizes backup disk space
Encrypts backups to help keep them secure



Norton Goback

Reverses system crashes, failed software installations, user errors, and more
Rolls PCs back minutes, hours, or even days before onset of a problem*
Lets you try software safely, with a fast uninstall if you don’t like it
Recovers accidentally deleted or modified files
Prevents unauthorized users from rolling back a hard drive
Automatically schedules hard drive restorations to a set configuration





Norton is good, but it tends to slow the computer.
I suggest you try AVG for a couple of weeks and see if you like it. You may want to keep Norton, since you paid for it. Then you could use it till the antivirus subscription expires (you must renew Norton Antivirus annually, and it is not cheap).
If you decide not to use the Norton firewall, then here are four free firewalls available for personal use. If one conflicts with your system, try another.

You Need a (Properly Configured) Firewall
Understanding and Using Firewalls

Kerio Personal Firewall

Outpost Firewall Free

Jetico Personal Firewall

ZoneAlarm
ZoneAlarm Manual http://download.zonelabs.com/bin/media/pdf/ZAP40_manual.pdf

Important Tips -- Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off.
Never use two software firewalls at the same time.
Completely uninstall one before installing another. Use the vendor's uninstall utility or if not available, use the Windows XP add/remove software tool in the control panel. 

I got my System Works for free after the two rebates they offered. Just have to watch the Sunday ads at the computer stores to get the deals on it.


Please tell me you get paid for this and you don't do it for nada?


We don't get paid, we volunteer our time and service; however, we do accept donations. :thumbsup:

Edited by SifuMike, 28 November 2006 - 10:39 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



