
Hijackthis Log


  • This topic is locked
6 replies to this topic

#1 milly1219

milly1219

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 26 January 2007 - 05:47 PM

My default browser is Google; I keep getting sites such as abcserach.com, onthenetsearch.com and others that open after I perform a specific search in Google. Using Windows XP & iexplorer.

Log file: 26-Jan-2007

Logfile of HijackThis v1.99.1
Scan saved at 4:00:01 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\slimyqon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllmyz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167727397390
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:04 AM

Posted 26 January 2007 - 07:45 PM

Hello milly1219,

I am SifuMike and I will be helping you. :thumbsup:

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :flowers:

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

********************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido).
This is a 30-day trial of the program.

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log and a fresh Hijackthis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 milly1219

milly1219
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 27 January 2007 - 01:07 AM

BitDefender Online Scanner

Scan report generated at: Fri, Jan 26, 2007 - 23:59:13

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 02:28:32
Files: 634956
Folders: 4519
Boot Sectors: 3
Archives: 22643
Packed Files: 49309

Results
Identified Viruses: 3
Infected Files: 13
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 13

Engines Info
Virus Definitions: 391660
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\hp\bin\Terminator.exe
Infected with: Trojan.Killapp.30208.A

C:\hp\bin\Terminator.exe
Disinfection failed

C:\hp\bin\Terminator.exe
Deleted

C:\RECYCLER\S-1-5-21-3836953440-1014457256-1272272117-1003\Dc2.exe
Infected with: Backdoor.Rbot.AP

C:\RECYCLER\S-1-5-21-3836953440-1014457256-1272272117-1003\Dc2.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-3836953440-1014457256-1272272117-1003\Dc2.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP136\A0093432.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP136\A0093432.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP136\A0093432.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP137\A0099601.exe
Infected with: Backdoor.Rbot.AP

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP137\A0099601.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP137\A0099601.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP140\A0104517.exe
Infected with: Trojan.Downloader.Agent.ASO

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP140\A0104517.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP140\A0104517.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0106137.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0106137.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0106137.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111231.exe
Infected with: Trojan.Downloader.Agent.ASO

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111231.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111231.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111232.exe
Infected with: Backdoor.Rbot.AP

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111232.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111232.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0131497.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0131497.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0131497.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0141302.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0141302.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0141302.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0152320.exe
Infected with: Backdoor.Rbot.AP

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0152320.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0152320.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162815.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162815.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162815.exe
Deleted

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162816.exe
Infected with: Backdoor.Rbot.AP

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162816.exe
Disinfection failed

C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP150\A0162816.exe
Deleted

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:04 AM

Posted 27 January 2007 - 01:15 AM

Hi Milly,

Looks like BitDefender removed some viruses. :thumbsup:

You forgot to post the AVG antispyware log and a fresh Hijackthis log. :flowers:

#5 milly1219

milly1219
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 27 January 2007 - 11:16 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:09:06 AM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Owner\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllmyz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

_________________________________________________________________________________________


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:54:21 AM 1/27/2007

+ Scan result:



C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CDC7D5C3-8869-4D1B-80FB-B7B5E7D3326C}\{426DC875-427D-4AFC-B3EF-2CE18F4E1D4B}.tmp/{426DC875-427D-4AFC-B3EF-2CE18F4E1D4B}.tmp -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\snapshot\MFEX-1.DAT -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP142\snapshot\MFEX-1.DAT -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP143\snapshot\MFEX-1.DAT -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP144\snapshot\MFEX-1.DAT -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\snapshot\MFEX-1.DAT -> Adware.Beginto : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CDC7D5C3-8869-4D1B-80FB-B7B5E7D3326C}\{17B77CF4-9D12-41EC-8F5A-73C8A2F78C4D}.exe/{17B77CF4-9D12-41EC-8F5A-73C8A2F78C4D}.exe -> Adware.Mirar : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CDC7D5C3-8869-4D1B-80FB-B7B5E7D3326C}\{40A23E34-924C-4134-9174-273463436F84}.tmp/{40A23E34-924C-4134-9174-273463436F84}.tmp/NNBar_VCSetup_876088_log.exe -> Adware.Mirar : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CDC7D5C3-8869-4D1B-80FB-B7B5E7D3326C}\{59E40BBB-8EA6-4C44-87FF-02B219DF0785}.cab/{59E40BBB-8EA6-4C44-87FF-02B219DF0785}.cab/NNBar_VCSetup_876088_log.exe -> Adware.Mirar : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0146245.exe/{17B77CF4-9D12-41EC-8F5A-73C8A2F78C4D}.exe -> Adware.Mirar : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0111244.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP144\A0126366.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0133480.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0138055.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0152331.exe -> Adware.SaveNow : Cleaned.
C:\WINDOWS\mirar_distro_876088.exe -> Adware.SaveNow : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CDC7D5C3-8869-4D1B-80FB-B7B5E7D3326C}\{2D61AD73-50CD-4431-8E7B-E4D46CB3A304}.tmp/{2D61AD73-50CD-4431-8E7B-E4D46CB3A304}.tmp -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP140\A0104413.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP140\A0104415.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0105016.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0105042.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP142\A0124264.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP142\A0124275.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP143\A0124561.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP143\A0124621.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP144\A0125142.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP144\A0125192.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0128784.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0128803.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0130567.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP145\A0130667.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP146\A0136012.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP146\A0136029.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP147\A0136449.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP147\A0136454.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0140502.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP148\A0140759.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0144604.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0145660.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0160429.dll -> Downloader.Age : Cleaned.
C:\WINDOWS\system32\Netverchk.exe -> Downloader.Age : Cleaned.
C:\WINDOWS\system32\tcbllmyz.dll -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP141\A0118150.exe -> Downloader.Age.c : Cleaned.
C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP149\A0159239.exe -> Downloader.Age.c : Cleaned.
C:\WINDOWS\system32\CAUnst.exe -> Downloader.Age.c : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{6BF162B5-E9B2-4AD6-9592-63CE2147DFE4}.txt/{6BF162B5-E9B2-4AD6-9592-63CE2147DFE4}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{D1BA3A24-A592-4FEF-9DFD-86F5B0488BBB}.txt/{D1BA3A24-A592-4FEF-9DFD-86F5B0488BBB}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{E326DBA5-730C-44BD-B1A1-11E534AA360C}.txt/{E326DBA5-730C-44BD-B1A1-11E534AA360C}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{7FF71F3D-49F9-49F2-A1B3-AF4924500EE3}.txt/{7FF71F3D-49F9-49F2-A1B3-AF4924500EE3}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{91218BD9-7F4F-4D7B-900A-AA51D89FC570}.txt/{91218BD9-7F4F-4D7B-900A-AA51D89FC570}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{A9CA178D-12C5-4CD8-A42F-E8608D331909}.txt/{A9CA178D-12C5-4CD8-A42F-E8608D331909}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{C3EAA3A1-D57F-47E2-9C18-39D3B73D1658}.txt/{C3EAA3A1-D57F-47E2-9C18-39D3B73D1658}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{CC3A8316-1A6E-4D99-BA86-A4100EAF1DC5}.txt/{CC3A8316-1A6E-4D99-BA86-A4100EAF1DC5}.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{D626D616-11C5-40DB-8536-2C15F591B94C}.txt/{D626D616-11C5-40DB-8536-2C15F591B94C}.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{A91963FC-8D0F-4B1B-A586-2B363978E567}.txt/{A91963FC-8D0F-4B1B-A586-2B363978E567}.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{57329B45-7DD0-46C6-AD12-141936D706C6}.txt/{57329B45-7DD0-46C6-AD12-141936D706C6}.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{A1336AA2-CE09-409F-82DC-1539D2629CF4}.txt/{A1336AA2-CE09-409F-82DC-1539D2629CF4}.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{09446AA5-93E6-4DE7-8E64-AC04C52761C1}.txt/{09446AA5-93E6-4DE7-8E64-AC04C52761C1}.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{334AF346-052E-4D20-9EB0-1763781DCD6C}.txt/{334AF346-052E-4D20-9EB0-1763781DCD6C}.txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{3D4171E9-6A36-4392-AA0F-B626C1C32998}.txt/{3D4171E9-6A36-4392-AA0F-B626C1C32998}.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{86EFD52A-51B4-428F-83EC-F5A8DF7D8D35}.txt/{86EFD52A-51B4-428F-83EC-F5A8DF7D8D35}.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{FE1C887F-6EF5-43C3-8F9E-3191C57558D8}.txt/{FE1C887F-6EF5-43C3-8F9E-3191C57558D8}.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{CF816539-6EFE-4013-8CCB-7E1E2CB966B9}.txt/{CF816539-6EFE-4013-8CCB-7E1E2CB966B9}.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{6080D57B-4633-42ED-AB65-7BB8DA23118B}.txt/{6080D57B-4633-42ED-AB65-7BB8DA23118B}.txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{2631CFEA-6420-4B88-A36E-C0A72E12508A}.txt/{2631CFEA-6420-4B88-A36E-C0A72E12508A}.txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{0BE9E52F-D64A-475E-9749-7459B4D58296}.txt/{0BE9E52F-D64A-475E-9749-7459B4D58296}.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{5EA2014B-875B-43F0-BFD4-50D51871FC3E}.txt/{5EA2014B-875B-43F0-BFD4-50D51871FC3E}.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{247D410F-8B06-4604-96F5-1A0424FBE9FB}.txt/{247D410F-8B06-4604-96F5-1A0424FBE9FB}.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{45794EC4-4B16-4C06-9E7E-4CC1CAF8F3FF}.txt/{45794EC4-4B16-4C06-9E7E-4CC1CAF8F3FF}.txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{ABF6DB82-F4DB-4651-9D15-CF3558C0AFA0}.txt/{ABF6DB82-F4DB-4651-9D15-CF3558C0AFA0}.txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{7501AFA2-D604-46AD-8D3F-0347C9EFF2BC}.txt/{7501AFA2-D604-46AD-8D3F-0347C9EFF2BC}.txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{C373FAA8-288D-4CA1-B9EF-DF77D378F881}.txt/{C373FAA8-288D-4CA1-B9EF-DF77D378F881}.txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{CC7AAE31-766A-46B3-9A05-A5B4A328FDEA}.txt/{CC7AAE31-766A-46B3-9A05-A5B4A328FDEA}.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{C13AA217-7F45-4ECE-AFCD-CDAF3D5ED9F5}.txt/{C13AA217-7F45-4ECE-AFCD-CDAF3D5ED9F5}.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{31D2FF68-FE00-4CAB-B645-76AFCEA4C88A}.txt/{31D2FF68-FE00-4CAB-B645-76AFCEA4C88A}.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{93EA401A-5169-41EB-9805-DA92A2B3EECC}\{EC88B048-88DF-45FD-BA42-3B8C1C9D62EA}.txt/{EC88B048-88DF-45FD-BA42-3B8C1C9D62EA}.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{9DAAFA8A-4750-4969-9E2A-279D87FB3CCF}.txt/{9DAAFA8A-4750-4969-9E2A-279D87FB3CCF}.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D1335CA5-5747-4F59-996A-97145E0D24C1}\{FB30E495-45F4-4854-A4FD-353CF59313D8}.txt/{FB30E495-45F4-4854-A4FD-353CF59313D8}.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

At least the scans didn't take too long! :thumbsup: I can't tell if anything's been fixed, I'll try a new search.

Thanks
Chris M

#6 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 27 January 2007 - 01:03 PM

Hi Chris M,

AVG Antispyware removed some of the malware on your computer. :thumbsup:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix".

This fix is intended for this user's computer only!!

O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllmyz.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'hide extensions for known file types'.

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\ALCXMNTR.EXE <==file

This fix is intended for this user's computer only!!


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising that this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
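The HijackThis O2 and O4 lines above are registry registrations (IE Browser Helper Objects and the HKLM Run key) whose targets may no longer exist, as with tcbllmyz.dll, which the AVG report lists as cleaned. The following PowerShell audit is an added example, not code from the thread or from HijackThis: it enumerates both locations and flags entries whose target file is missing, which is what HijackThis prints as "(file missing)". The registry paths are the standard BHO and Run locations; the helper function names are my own.

```powershell
# Added example: audit IE BHO registrations (HJT "O2") and HKLM Run entries ("O4")
# and flag those whose target file no longer exists on disk.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Resolve-TargetPath {
    # Hypothetical helper: turn a raw registry value ("C:\x\y.exe" /q, %windir%\z.dll,
    # or a bare name like ALCXMNTR.EXE) into the path to test for existence.
    param([string]$Raw)
    $expanded = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($expanded.StartsWith('"')) { return $expanded.Split('"')[1] }
    $first = $expanded.Split(' ')[0]
    # A bare file name in a Run entry is searched for in the Windows directory,
    # which is how ALCXMNTR.EXE in the log above was found under C:\WINDOWS.
    if (-not [IO.Path]::IsPathRooted($first)) { $first = Join-Path $env:windir $first }
    return $first
}

function Get-BhoEntries {
    if (-not (Test-Path -LiteralPath $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid  = $sub.PSChildName
        # The BHO key only lists the CLSID; the DLL path lives under the CLSID's InprocServer32.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) { $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)' }
        [pscustomobject]@{
            Type    = 'O2 BHO'
            Name    = $clsid
            Target  = $dll
            Missing = (-not $dll) -or (-not (Test-Path -LiteralPath (Resolve-TargetPath $dll)))
        }
    }
}

function Get-RunEntries {
    if (-not (Test-Path -LiteralPath $runKey)) { return }
    $props = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/PSProvider metadata
        [pscustomobject]@{
            Type    = 'O4 Run'
            Name    = $p.Name
            Target  = $p.Value
            Missing = -not (Test-Path -LiteralPath (Resolve-TargetPath ([string]$p.Value)))
        }
    }
}

@(Get-BhoEntries) + @(Get-RunEntries) | Sort-Object Missing -Descending | Format-Table -AutoSize
```

Entries reported as Missing are dead registrations left behind after a cleanup; the rest still load at boot or in the browser and deserve a look at the file they point to.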

#7 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 February 2007 - 12:57 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.