"can't Run Autorun.vbs"


31 replies to this topic

#1 Learner87

Learner87

  • Members
  • 132 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 30 December 2006 - 05:53 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:50:20 PM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\eManager\anbmServ.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O1 - Hosts: 127.0.0.22 mcafee.com
O1 - Hosts: 127.0.0.22 www.mcafee.com
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.com
O1 - Hosts: 127.0.0.22 www.nai.com
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 vil.nai.com
O1 - Hosts: 127.0.0.22 www.vil.nai.com
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.com
O1 - Hosts: 127.0.0.22 www.grisoft.com
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.com
O1 - Hosts: 127.0.0.22 www.kaspersky.com
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 download.mcafee.com
O1 - Hosts: 127.0.0.22 www.download.mcafee.com
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.com
O1 - Hosts: 127.0.0.22 www.symantec.com
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:05:47 AM

Posted 30 December 2006 - 08:53 AM

Download the Hoster Here and unzip it to your desktop.
Next, open the Hoster
  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore original host files'
  • Finally, close the hoster
* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new hijackthis log here with the report of AVG antispyware.
Greets Jürgenv


#3 Learner87


Posted 04 January 2007 - 01:57 AM

Hi... I have followed the instructions you gave me, but the problems still remain.

#4 Learner87


Posted 04 January 2007 - 04:56 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:54:39 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#5 jurgenv


Posted 04 January 2007 - 06:17 AM

Can you post the report of AVG antispyware here?
Greets Jürgenv


#6 Learner87


Posted 07 January 2007 - 06:16 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:04:52 AM 1/8/2007

+ Scan result:



C:\Program Files\Bug Doctor -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\BugDoctor.exe -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\BugDoctorLiveUpdate.exe -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnMondayNovember062006092803.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnMondayOctober022006203631.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnMondayOctober162006053847.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnSaturdaySeptember302006030931.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnSaturdaySeptember302006040038.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnSundayOctober082006052624.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\FixedOnWednesdayOctober112006230617.xml -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\Get Bonuses.url -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin.ini -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\LiveUpdate_disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\LiveUpdate_normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\LiveUpdate_pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\LiveUpdate_rollover.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\SubMainDisable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\SubMainNormal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\SubMainPressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\SubMainRollOver.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\bug.swf -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fix_complete-disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fix_complete-normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fix_complete-pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fix_complete-roll_over.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fixing_error-disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fixing_error-normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fixing_error-pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\fixing_error-rollover.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\main_disable.jpg -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\main_enable.jpg -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\main_pressed.jpg -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\main_roll_over.jpg -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\mask.bmp -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\mask1.bmp -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scan.swf -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scan_complete-disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scan_complete-normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scan_complete-pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scan_complete-roll_over.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scancomplete.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scanning_error-disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scanning_error-normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scanning_error-pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\scanning_error-rollover.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\schedule_disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\schedule_normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\schedule_pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\schedule_rollover.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\skin.ini -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\support_disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\support_normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\support_pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\support_rollover.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\unlock_key-disable.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\unlock_key-normal.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\unlock_key-pressed.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\skin\unlock_key-roll_over.gif -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\unins000.dat -> Adware.BugDoctor : No action taken.
C:\Program Files\Bug Doctor\unins000.exe -> Adware.BugDoctor : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bug Doctor_is1 -> Adware.BugDoctor : No action taken.
HKU\S-1-5-21-796845957-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : No action taken.
:mozilla.182:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.193:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.22:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.23:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.24:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.25:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.62:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.605:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.606:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.607:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.295:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.296:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.114:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\user\Cookies\user@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.721:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.794:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.372:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\user\Cookies\user@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.321:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.409:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.728:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.729:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.730:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.731:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.63:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.881:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.882:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.883:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.805:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.806:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.807:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.808:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.809:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.813:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.814:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.815:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.339:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.622:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.623:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.624:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.625:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.626:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.191:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.192:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.194:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.195:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.196:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.197:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.198:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.199:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.200:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.201:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.202:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.203:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.277:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.655:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.656:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.691:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.692:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.693:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.720:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.18:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.21:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\alz26yex.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

#7 jurgenv

Posted 08 January 2007 - 10:15 AM

The log shows: No action taken
Are you sure you've deleted everything?
Greets Jürgenv


#8 Learner87

Posted 09 January 2007 - 07:38 AM

Yeah, I have deleted those things, but the problem still remains.

#9 jurgenv

Posted 09 January 2007 - 10:22 AM

Can you tell me if this folder is still present?

C:\Program Files\Bug Doctor
Greets Jürgenv


#10 Learner87

Posted 11 January 2007 - 04:27 AM

This folder has been deleted.

#11 jurgenv

Posted 11 January 2007 - 10:14 AM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Greets Jürgenv


#12 Learner87

Posted 12 January 2007 - 07:15 PM

SDFix: Version 1.58

01/13/2007 Sat - 7:59:49.60

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:


Path:



Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting

Normal Mode:

Checking Files:


Files will be copied to Backups folder then removed:

C:\PROGRA~1\ACER\ORBICAM\MANIFE~1.EXE - Deleted



Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe"="C:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe:*:Enabled:mxcl"
"C:\\Program Files\\Next Limit\\Maxwell\\mxst.exe"="C:\\Program Files\\Next Limit\\Maxwell\\mxst.exe:*:Disabled:mxst"
"C:\\Documents and Settings\\user\\My Documents\\mxst.exe"="C:\\Documents and Settings\\user\\My Documents\\mxst.exe:*:Enabled:mxst"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with hidden attributes:

C:\NTDETECT.COM
C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\WINDOWS\system32\Autorun.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys

Finished

#13 jurgenv

Posted 12 January 2007 - 08:53 PM

Download and save Blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
Click > Scan then > Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Post the contents of the log in your next reply.
Greets Jürgenv


#14 Learner87

Posted 14 January 2007 - 12:37 PM

01/15/07 00:13:27 [Info]: BlackLight Engine 1.0.55 initialized
01/15/07 00:13:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/15/07 00:13:28 [Note]: 7019 4
01/15/07 00:13:28 [Note]: 7005 0
01/15/07 00:13:29 [Note]: 7006 0
01/15/07 00:13:29 [Note]: 7011 600
01/15/07 00:13:30 [Note]: 7026 0
01/15/07 00:13:30 [Note]: 7026 0
01/15/07 00:13:55 [Note]: FSRAW library version 1.7.1021
01/15/07 01:33:54 [Note]: 7007 0

#15 jurgenv

Posted 14 January 2007 - 01:09 PM

Can I see a new HijackThis log?
Greets Jürgenv
