
Hjt Log - Stressed User From Slow Computer


7 replies to this topic

#1 nzgirl04

nzgirl04

  • Members
  • 31 posts

Posted 16 December 2006 - 09:19 PM

It's been two years since my last confession!!!

My computer is running extremely slow/freezing
Dial-up box pops up on startup automatically trying to connect to net, closes after 4 attempts of closing
CPU running at 100% most of the time
Microsoft Firewall disables on every shutdown
Having prob with; smitfraud-c, spysheriff, worm nuwar.po/jo?, win32.Trojan.MatrixHasYou, win32.Sinteri trojan, win32.Lobster trojan, win32.Luder!, trojan horse downloader.Generic3.RG and similar. I do not know if any of these are still on my computer as some keep coming back.

Would appreciate help on anything that can make my computer run more smoothly. Thank you in advance.


HJT Log - Suzanne

Logfile of HijackThis v1.99.1
Scan saved at 12:04:43 p.m., on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\syspools.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.f901.mail.yahoo.com/ym/login?.rand=aqc9foalfir9o
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.yahoomail.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166249944859
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CA8C5F-CCD6-456B-9F62-6C322FD6ECEE}: NameServer = 203.21.20.20 203.10.1.9
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 17 December 2006 - 11:37 AM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits

  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 nzgirl04

nzgirl04
  • Topic Starter

  • Members
  • 31 posts

Posted 18 December 2006 - 08:32 AM

Hi,
Thank you so much for replying so fast at this time of year. Sorry I have not replied sooner, was not on comp at all yesterday, and program took 2hrs to download (dial-up!).

Just one question. Why did my spy-bot and ad-aware not find these items in the log below??? Also a note, the instructions you gave me were a little hard to follow, as maybe I have downloaded a different version to you, I found my way around eventually, just things were not where you pointed out they should be, no worries, I think I've got what you need.



Sweeper Log - Suzanne (as requested):

11:16 p.m.: Deletion from quarantine completed. Elapsed time 00:00:00
11:16 p.m.: Processing: whenu savenow
11:16 p.m.: Processing: whenu savenow
11:16 p.m.: Processing: whenu savenow
11:16 p.m.: Processing: 2o7.net cookie
11:16 p.m.: Processing: overture cookie
11:16 p.m.: Processing: falkag cookie
11:16 p.m.: Processing: burstnet cookie
11:16 p.m.: Processing: 180search assistant/zango
11:16 p.m.: Processing: hotbar/zango
11:16 p.m.: Processing: serving-sys cookie
11:16 p.m.: Processing: gain - common components
11:16 p.m.: Processing: tacoda cookie
11:16 p.m.: Processing: ipinsight
11:16 p.m.: Processing: ipinsight
11:16 p.m.: Processing: ipinsight
11:16 p.m.: Processing: ipinsight
11:16 p.m.: Processing: cydoor peer-to-peer dependency
11:16 p.m.: Processing: moneytree
11:16 p.m.: Processing: xpehbam dialer
11:16 p.m.: Processing: cashdeluxe
11:16 p.m.: Processing: marketscore
11:16 p.m.: Processing: cas
11:16 p.m.: Processing: cas
11:16 p.m.: Processing: trojan-backdoor-securemulti
11:16 p.m.: Processing: cws_cassandra
11:16 p.m.: Processing: cws_cassandra
11:16 p.m.: Processing: cws_cassandra
11:16 p.m.: Processing: cws_cassandra
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Processing: trojan-nuwar
11:16 p.m.: Deletion from quarantine initiated
11:15 p.m.: Removal process completed. Elapsed time 00:03:14
11:13 p.m.: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST159.tmp". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST159.tmp". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST159.tmp". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST159.tmp". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST159.tmp". Reason: The system cannot find the file specified
11:13 p.m.: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
11:13 p.m.: Quarantining All Traces: whenu savenow
11:13 p.m.: Quarantining All Traces: gain - common components
11:13 p.m.: Quarantining All Traces: 180search assistant/zango
11:13 p.m.: Quarantining All Traces: burstnet cookie
11:13 p.m.: Quarantining All Traces: tacoda cookie
11:13 p.m.: Quarantining All Traces: serving-sys cookie
11:13 p.m.: Quarantining All Traces: overture cookie
11:13 p.m.: Quarantining All Traces: falkag cookie
11:13 p.m.: Quarantining All Traces: 2o7.net cookie
11:13 p.m.: Quarantining All Traces: hotbar/zango
11:13 p.m.: Quarantining All Traces: cydoor peer-to-peer dependency
11:13 p.m.: Quarantining All Traces: xpehbam dialer
11:13 p.m.: Quarantining All Traces: moneytree
11:13 p.m.: Quarantining All Traces: ipinsight
11:13 p.m.: Quarantining All Traces: cashdeluxe
11:13 p.m.: Quarantining All Traces: cas
11:13 p.m.: Quarantining All Traces: marketscore
11:13 p.m.: Quarantining All Traces: trojan-nuwar
11:13 p.m.: Quarantining All Traces: cws_cassandra
11:13 p.m.: Quarantining All Traces: trojan-backdoor-securemulti
11:12 p.m.: Removal process initiated
11:10 p.m.: Traces Found: 48
11:10 p.m.: Custom Sweep has completed. Elapsed time 00:36:55
11:10 p.m.: File Sweep Complete, Elapsed Time: 00:33:12
11:03 p.m.: E:\Program Files\SaveNow\savenow.htm (ID = 74396)
11:03 p.m.: E:\Program Files\SaveNow\SaveNow.exe (ID = 74394)
11:01 p.m.: E:\WINDOWS\TEMP\SaveNowInst.exe (ID = 74398)
11:01 p.m.: Found Adware: whenu savenow
11:00 p.m.: E:\WINDOWS\SYSTEM\cd_clint.dll (ID = 57300)
11:00 p.m.: Found Adware: cydoor peer-to-peer dependency
11:00 p.m.: E:\WINDOWS\GatorSetup.log (ID = 61410)
11:00 p.m.: Found Adware: gain - common components
11:00 p.m.: Warning: Failed to access drive D:
11:00 p.m.: C:\WINDOWS\inf\conscorr.inf (ID = 64277)
11:00 p.m.: c:\documents and settings\dean phillips\local settings\temp\conscorr.inf (ID = 64277)
10:59 p.m.: Warning: Failed to open file "c:\system volume information\catalog.wci\ciflfffd.000". The operation completed successfully
10:58 p.m.: C:\WINDOWS\seksdialer.exe (ID = 90847)
10:58 p.m.: Found Adware: xpehbam dialer
10:58 p.m.: C:\WINDOWS\system\system.exe (ID = 371941)
10:58 p.m.: C:\WINDOWS\system.exe (ID = 371941)
10:58 p.m.: Found Adware: cas
10:58 p.m.: C:\WINDOWS\nem216.dll (ID = 70084)
10:58 p.m.: Found Adware: moneytree
10:58 p.m.: C:\WINDOWS\conscorr.ini (ID = 64264)
10:58 p.m.: c:\documents and settings\dean phillips\local settings\temp\conscorr.ini (ID = 64264)
10:58 p.m.: Found Adware: ipinsight
Operation: File Access
Target:
Source: C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
10:57 p.m.: Tamper Detection
10:57 p.m.: HKU\WRSS_Profile_S-1-5-21-681764103-3020190987-2214429306-1006\Software\Microsoft\Windows\CurrentVersion\Run || Nord (ID = 0)
10:57 p.m.: C:\WINDOWS\system32\nordsys.exe (ID = 413314)
10:56 p.m.: C:\Documents and Settings\Suzanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EV6ZIZ27\se[1].exe (ID = 418727)
10:50 p.m.: C:\temp\salmau.dat (ID = 93788)
10:50 p.m.: Found Adware: 180search assistant/zango
10:47 p.m.: c:\documents and settings\dean phillips\x11vhoa.exe (ID = 418173)
10:47 p.m.: c:\documents and settings\dean phillips\jpkfrph.exe (ID = 411751)
10:45 p.m.: c:\documents and settings\dean phillips\local settings\temporary internet files\content.ie5\qhnc5cza\w[1].exe (ID = 418730)
10:45 p.m.: c:\documents and settings\dean phillips\local settings\temporary internet files\content.ie5\s1i7s1m7\se[1].exe (ID = 418727)
10:45 p.m.: c:\documents and settings\dean phillips\local settings\temporary internet files\content.ie5\o1670dyf\ss[1].exe (ID = 418726)
10:45 p.m.: C:\WINDOWS\system32\google.png.exe (ID = 418741)
10:40 p.m.: C:\Documents and Settings\Suzanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\UP81O1WH\w[1].exe (ID = 418730)
10:39 p.m.: c:\documents and settings\dean phillips\aw8ps0x.exe (ID = 418173)
10:39 p.m.: c:\documents and settings\dean phillips\x2v00h2.exe (ID = 411751)
10:39 p.m.: Spy Installation Shield: found: Trojan Horse: trojan-nuwar, version 1.0.0.0
10:39 p.m.: Spy Installation Shield: found: Trojan Horse: trojan-nuwar, version 1.0.0.0
10:39 p.m.: C:\Documents and Settings\Suzanne\A8FxlDX.exe (ID = 418173)
10:39 p.m.: C:\System Volume Information\_restore{de53e44d-605f-474c-9c7e-b63418532b05}\RP294\A0107867.exe (ID = 418173)
10:38 p.m.: C:\System Volume Information\_restore{de53e44d-605f-474c-9c7e-b63418532b05}\RP293\A0107858.exe (ID = 418173)
10:38 p.m.: C:\System Volume Information\_restore{de53e44d-605f-474c-9c7e-b63418532b05}\RP293\A0107857.exe (ID = 418173)
10:38 p.m.: C:\WINDOWS\system32\w.exe (ID = 418729)
10:38 p.m.: C:\System Volume Information\_restore{de53e44d-605f-474c-9c7e-b63418532b05}\RP285\A0100791.exe (ID = 411751)
10:37 p.m.: Starting File Sweep
10:37 p.m.: Warning: Failed to access drive A:
10:37 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:37 p.m.: c:\documents and settings\dean phillips\cookies\dean phillips@www.burstnet[1].txt (ID = 2337)
10:37 p.m.: Found Spy Cookie: burstnet cookie
10:37 p.m.: c:\documents and settings\dean phillips\cookies\dean phillips@tacoda[1].txt (ID = 6444)
10:37 p.m.: Found Spy Cookie: tacoda cookie
10:37 p.m.: c:\documents and settings\suzanne\cookies\suzanne@serving-sys[1].txt (ID = 3343)
10:37 p.m.: Found Spy Cookie: serving-sys cookie
10:37 p.m.: c:\documents and settings\suzanne\cookies\suzanne@overture[1].txt (ID = 3105)
10:37 p.m.: Found Spy Cookie: overture cookie
10:37 p.m.: c:\documents and settings\suzanne\cookies\suzanne@as-us.falkag[1].txt (ID = 2650)
10:37 p.m.: Found Spy Cookie: falkag cookie
10:37 p.m.: c:\documents and settings\suzanne\cookies\suzanne@2o7[2].txt (ID = 1957)
10:37 p.m.: Found Spy Cookie: 2o7.net cookie
10:37 p.m.: Starting Cookie Sweep
10:37 p.m.: Registry Sweep Complete, Elapsed Time:00:00:35
10:37 p.m.: HKU\WRSS_Profile_S-1-5-21-681764103-3020190987-2214429306-1006\software\microsoft\windows\currentversion\run\ || system spool (ID = 1883870)
10:37 p.m.: Found Trojan Horse: trojan-nuwar
10:37 p.m.: HKU\WRSS_Profile_S-1-5-21-681764103-3020190987-2214429306-1006\software\microsoft\internet explorer\main\ || spded (ID = 117049)
10:37 p.m.: HKU\WRSS_Profile_S-1-5-21-681764103-3020190987-2214429306-1006\software\microsoft\internet explorer\main\ || hpded (ID = 117048)
10:37 p.m.: HKU\S-1-5-21-681764103-3020190987-2214429306-1007\software\microsoft\internet explorer\main\ || spded (ID = 117049)
10:37 p.m.: HKU\S-1-5-21-681764103-3020190987-2214429306-1007\software\microsoft\internet explorer\main\ || hpded (ID = 117048)
10:37 p.m.: Found Adware: cws_cassandra
10:36 p.m.: HKLM\software\classes\typelib\{a134335e-02f3-4065-865d-17d106336f96}\ (ID = 1595144)
10:36 p.m.: HKCR\typelib\{a134335e-02f3-4065-865d-17d106336f96}\ (ID = 1595117)
10:36 p.m.: Found Adware: cashdeluxe
10:36 p.m.: HKLM\software\microsoft\windows\currentversion\uninstall\relevantknowledge\ (ID = 134764)
10:36 p.m.: Found Adware: marketscore
10:36 p.m.: HKLM\software\classes\hbinstie.hbinstobj.1\ (ID = 127453)
10:36 p.m.: Found Adware: hotbar/zango
10:36 p.m.: Starting Registry Sweep
10:36 p.m.: Memory Sweep Complete, Elapsed Time: 00:02:50
10:33 p.m.: Starting Memory Sweep
10:33 p.m.: HKU\WRSS_Profile_S-1-5-21-681764103-3020190987-2214429306-1006\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
10:33 p.m.: Found Trojan Horse: trojan-backdoor-securemulti
10:33 p.m.: Start Custom Sweep
10:33 p.m.: Sweep initiated using definitions version 823
10:33 p.m.: Spy Sweeper 5.2.3.2138 started
10:33 p.m.: | Start of Session, Monday, 18 December 2006 |
********
10:33 p.m.: | End of Session, Monday, 18 December 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:27 p.m.: Shield States
10:25 p.m.: Spyware Definitions: 816
10:25 p.m.: Warning: Virus definitions files are invalid, please update your virus definitions. 220
10:24 p.m.: Spy Sweeper 5.2.3.2138 started
10:24 p.m.: Spy Sweeper 5.2.3.2138 started
10:24 p.m.: | Start of Session, Monday, 18 December 2006 |
********


HJT Log - Suzanne


Logfile of HijackThis v1.99.1
Scan saved at 11:27:49 p.m., on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.f901.mail.yahoo.com/ym/login?.rand=aqc9foalfir9o
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.yahoomail.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166249944859
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CA8C5F-CCD6-456B-9F62-6C322FD6ECEE}: NameServer = 203.21.20.20 203.10.1.9
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 MFDnSC

    Ret. Director I/T

Posted 18 December 2006 - 10:09 AM

Fix this with HiJackThis – mark it, close IE, click fix checked

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
===================
Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
==================

Different products find different things


How are things now?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 nzgirl04

    Topic Starter

Posted 18 December 2006 - 05:43 PM

I'm back, and feeling better already!! :thumbsup:

My CPU usage is running a hell of a lot better!
When I double-click on "My Comp" now it comes up straight away!
Everything seems to be running a lot smoother!
The pop-up for automatic dial-up has gone!
My anti-virus (AVG) is still finding a lot of new viruses though. When my trial of Sweeper ends, what happens to anything in the quarantine???

Here is a new log for you:


HJT Log - Suzanne

Logfile of HijackThis v1.99.1
Scan saved at 8:33:05 a.m., on 19/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.f901.mail.yahoo.com/ym/login?.rand=aqc9foalfir9o
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.yahoomail.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166249944859
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CA8C5F-CCD6-456B-9F62-6C322FD6ECEE}: NameServer = 203.21.20.20 203.10.1.9
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Tell me what you think?
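
As an added example (not part of this thread, and not HijackThis's own code), here is a small Python script that does the kind of first-pass triage a helper does by eye on a log like the one above: it flags O2/O18 entries whose file is gone (the sort MFDnSC told the poster to fix), O16 ActiveX downloads from hosts outside a trusted list, O17 DNS servers to verify against the ISP's, and O20 Winlogon Notify DLLs to check by vendor. The sample lines are copied from the logs posted in this thread; the trusted-domain list is an assumption for the example, and an "untrusted" flag means "review", not "malicious".

```python
import re
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis logs posted in
# this thread (the real log is much longer).
SAMPLE_LOG = r"""O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CA8C5F-CCD6-456B-9F62-6C322FD6ECEE}: NameServer = 203.21.20.20 203.10.1.9
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# Assumption for this example: domains whose ActiveX downloads the reader
# already trusts. Any other O16 host gets a "review" flag, not a verdict.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com", "yahoo.com", "yimg.com")

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")


def _trusted_host(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage(log_text):
    """Return a list of (section, reason, detail) tuples worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        # Entries whose target file is gone are leftovers; HJT can fix them safely.
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphan-entry", body))
        elif section == "O16":
            # O16 = ActiveX controls IE downloaded from a URL; check where they came from.
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if not _trusted_host(host):
                findings.append((section, "untrusted-dpf-host", host))
        elif section == "O17":
            # O17 = DNS servers; compare against what the ISP actually hands out.
            servers = body.split("NameServer = ", 1)[-1].split()
            findings.append((section, "verify-dns-servers", servers))
        elif section == "O20":
            # O20 = DLLs loaded by winlogon, a classic persistence spot; verify the vendor.
            findings.append((section, "winlogon-notify-dll", body))
    return findings


def by_reason(findings):
    """Group findings by reason so the fix list can be read at a glance."""
    grouped = {}
    for section, reason, detail in findings:
        grouped.setdefault(reason, []).append((section, detail))
    return grouped


if __name__ == "__main__":
    for reason, items in by_reason(triage(SAMPLE_LOG)).items():
        print(reason)
        for section, detail in items:
            print("   ", section, detail)
```

Run it against a full log by replacing SAMPLE_LOG with the file contents. The orphan entries are the only ones it is safe to "fix checked" without further thought; the O16, O17 and O20 findings are lists to verify, which is why the script reports them separately rather than lumping them in with the orphans.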

#6 MFDnSC

    Ret. Director I/T

Posted 18 December 2006 - 05:46 PM

Empty the quarantine

================

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
========================

good to go

#7 nzgirl04

    Topic Starter

Posted 18 December 2006 - 05:54 PM

Wow you are super-fast. :thumbsup: :flowers:

Did all that!!!!! Great

Spy Sweeper has found:
Trojan Horse found: trojan-backdoor-securemulti
Adware found: cws_cassandra
Trojan Horse found: trojan-nuwar
again! Is that ok????

Thanks

#8 MFDnSC

    Ret. Director I/T

Posted 18 December 2006 - 06:02 PM

The log looked fine and some of that was found previously

Keep running SS until it's clean - do not worry about cookies