Hijackthis Log - Msvcrl.dll Disallowing My Ie To Open


  • This topic is locked
25 replies to this topic

#1 jskf01

  • Members
  • 14 posts

Posted 09 March 2007 - 02:14 AM

Below is my log. My IE will not open because of the message saying “This application has failed to start because msvcrl.dll was not found. Re-installing the application may fix this problem.” Help is much appreciated, thanks. I can't find the file msvcrl.dll on my PC, so does that mean my PC is OK and it's just that I can't use IE, or am I in genuine danger? Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 6:04:55 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\algs6.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\MINIXTLUSAGE\MINIXTLUSAGE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Justin Fung\Desktop\utorrent.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Justin Fung\Desktop\HT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ihouse.uow.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uow.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uow.edu.au; *.uow.speedlink.com.au; uni2.speedlink.com.au; 130.130.*.*; 203.220.71.*;<local>
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [MiniXTLUsage] "C:\PROGRAM FILES\MINIXTLUSAGE\MINIXTLUSAGE.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 09 March 2007 - 03:52 AM

Welcome to BleepingComputer jskf01 :thumbsup:

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.
If you run HijackThis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

***********************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

***********************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply. Also post a new HijackThis log please.

Edited by RichieUK, 09 March 2007 - 03:56 AM.


#3 jskf01

  • Topic Starter
  • Members
  • 14 posts

Posted 09 March 2007 - 04:44 AM

OK, I've done as asked and here is the log from SDFix.


SDFix: Version 1.70

Run by Justin Fung - Fri 03/09/2007 / 20:37:04.34

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Killing PID 156 'smss.exe'
Killing PID 240 'winlogon.exe'

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Justin Fung\Local Settings\Temp\mst77.bat - Deleted
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system32\rpcc.dll - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justin Fung\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Justin Fung\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\algs6.exe"="c:\\windows\\system32\\algs6.exe:*:Enabled:algs6"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Justin Fung\Local Settings\Temp\Dll151.tmp

Add/Remove Programs List:

Adobe Shockwave Player
ATI - Software Uninstall Utility
AnyDVD
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
Canon PIXMA iP1000
Intel A/V Codecs V2.0
DG834
Remove DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.0.5.0 Ghosthunter release
Easy-WebPrint
ESPNMotion
FLV Player 1.3.3
Free Download Manager 2.1
HijackThis 1.99.1
Canon Camera Window for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon RemoteCapture Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
iolo technologies' System Mechanic 5 Professional
K-Lite Codec Pack 2.66 Full
Mini Exetel Usage Meter Setup
Mozilla Firefox (1.5.0.10)
Nero 6 Ultra Edition
NVIDIA Drivers
Panda ActiveScan
RealPlayer
SAMSUNG CDMA Modem Driver Set
Samsung Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 Software
Adobe Flash Player 9 ActiveX
Spyware Doctor 3.2
Creative System Information
VideoLAN VLC media player 0.8.5
Winamp (remove only)
WinPcap 3.01 alpha
WinRAR archiver
WinZip
WinZip Self-Extractor
Zinio Reader
ATI Control Panel
Microsoft Project 2000
ABITEQ
Logitech SetPoint
Java™ SE Runtime Environment 6
ATI HydraVision
WIDCOMM Bluetooth Software
iTunes
QuickTime
Diskeeper Professional Edition
USB Vibration Joystick
ACDSee 6.0 PowerPack Trial
Windows Genuine Advantage v1.3.0254.0
Samsung PC Studio
PowerDVD
Microsoft Office XP Professional with FrontPage
Camera Window
Microsoft Visual C++ 2005 Redistributable
Apple Software Update
Mobile Phone Suite Easy Synchronization
Adobe Reader 7.0.9
Canon PhotoRecord
PhotoStitch
Canon Utilities ZoomBrowser EX
Microsoft .NET Framework 1.1
MSN Messenger 7.5
NvMixer
KhalSetup
RemoteCapture Task 1.0.1
RAW Image Task

Finished







And here is the HT log I got after running SDFix:

Logfile of HijackThis v1.99.1
Scan saved at 8:44:33 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\MINIXTLUSAGE\MINIXTLUSAGE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ihouse.uow.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uow.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uow.edu.au; *.uow.speedlink.com.au; uni2.speedlink.com.au; 130.130.*.*; 203.220.71.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [MiniXTLUsage] "C:\PROGRAM FILES\MINIXTLUSAGE\MINIXTLUSAGE.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



What should I do now? :thumbsup:
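The before/after comparison implied by the two HijackThis logs above can be done mechanically. The following is an added example, not part of the original thread or of HijackThis or SDFix: it parses two logs, reports which entries and running processes changed, and lists entries still marked "(file missing)"/"(no file)" or autostarting from a Temp directory. The function names are hypothetical, and the sample lines are excerpts taken from the two logs posted in this thread.

```python
import re

# Excerpt from the first HijackThis log in this thread (before SDFix).
BEFORE = r"""
Running processes:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\algs6.exe

F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
"""

# Excerpt from the second HijackThis log in this thread (after SDFix).
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
"""

# HijackThis entry lines start with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (processes, entries): lower-cased process paths and (code, body) tuples."""
    processes, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif in_procs and line:
            # Windows paths are case-insensitive (explorer.exe vs Explorer.EXE).
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; entry order of the source log is preserved."""
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    key = lambda e: (e[0], e[1].lower())
    b_keys = {key(e) for e in b_entries}
    a_keys = {key(e) for e in a_entries}
    return {
        "entries_removed": [e for e in b_entries if key(e) not in a_keys],
        "entries_added": [e for e in a_entries if key(e) not in b_keys],
        "procs_gone": sorted(b_procs - a_procs),
        "procs_new": sorted(a_procs - b_procs),
    }


def orphaned(entries):
    """Entries whose target HijackThis could not find on disk."""
    marks = ("(file missing)", "(no file)")
    return [e for e in entries if any(m in e[1].lower() for m in marks)]


def temp_autoruns(entries):
    """O4 (startup) entries that launch something from a Temp directory."""
    return [e for e in entries if e[0] == "O4" and TEMP_RE.search(e[1])]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for name, items in result.items():
        print(name)
        for item in items:
            print("   ", item)
    _, remaining = parse_hjt(AFTER)
    print("still orphaned:", orphaned(remaining))
    print("autoruns from Temp:", temp_autoruns(remaining))
```
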

#4 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 09 March 2007 - 06:35 AM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the services called:
Microsoft Corporation
Symantec Core LC

When you find them, double-click on them.
In the next window that opens, click their 'Stop' buttons.
Then change their 'Startup Type' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

*****************************

Download DelDomains.zip and extract/unzip it to your desktop:
Now right-click on Deldomains.inf and select 'Install'.
After right-clicking on Deldomains.inf and selecting 'Install', it will appear that nothing happened; this is normal.

*****************************

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Still in Safe Mode, launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control; please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
Also post the AVG Anti Spyware report and a new Hijackthis log please.
Let me know how your pc is running now.
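A first-pass triage of HijackThis lines like those in the fix list above, as an added example that is not part of the original post and not HijackThis's own logic. The flag names and the `VENDOR_WORDS` heuristic are assumptions made for this example; the sample lines are copied from this thread's log.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: pptp32 - pptp32.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display name> - <owner> - <path>"; the owner may be blank.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?:(?P<owner>.*?) )?- (?P<path>.+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumption for this example: vendor words that a service with no reported
# owner should not be carrying in its display name.
VENDOR_WORDS = ("microsoft", "windows")


@dataclass
class Finding:
    code: str
    body: str
    flags: list = field(default_factory=list)


def triage(log_text):
    """Return the log entries that deserve a closer look, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, running processes, blank lines
        item = Finding(entry["code"], entry["body"])
        if MISSING_RE.search(item.body):
            # The autostart entry survives but its target is gone from disk.
            item.flags.append("target-missing")
        service = SERVICE_RE.match(item.body) if item.code == "O23" else None
        if service:
            owner = (service["owner"] or "").strip()
            if owner in ("", "Unknown owner"):
                # No company name was reported for the service binary.
                item.flags.append("unknown-owner")
                if any(w in service["name"].lower() for w in VENDOR_WORDS):
                    item.flags.append("vendor-name-without-vendor-owner")
        if item.flags:
            findings.append(item)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{', '.join(f.flags):<60}{f.body}")
```

The 'Symantec Core LC' service is in the fix list above but raises no flag here; these heuristics only surface orphaned entries and services with no reported owner.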

#5 jskf01

Posted 09 March 2007 - 09:46 AM

With the BitDefender part, do I HAVE to use IE to run it? What if I can't open IE at that time?

#6 RichieUK

Posted 09 March 2007 - 10:19 AM

Do what you can, and let me know how you got on please.

#7 jskf01

Posted 09 March 2007 - 08:37 PM

It won't let me use BitDefender unless I use IE to do so. It keeps asking me to download the latest version of IE, but I still can't open IE at the moment.

However, here is my AVG report:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:32:03 PM 3/10/2007

+ Scan result:



C:\System Volume Information\_restore{81F3F24A-2251-4689-945C-BF7E0F961C96}\RP580\A0102514.exe -> Backdoor.Bifrose.la : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{81F3F24A-2251-4689-945C-BF7E0F961C96}\RP553\A0096554.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{81F3F24A-2251-4689-945C-BF7E0F961C96}\RP532\A0095385.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.222:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.223:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.224:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.161:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.165:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.166:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.167:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.213:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.215:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.216:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.177:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.228:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.250:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.251:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.252:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.182:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.183:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.184:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.157:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.158:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.159:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.74:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.245:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.246:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.248:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.249:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.18:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.20:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Justin Fung\Cookies\justin fung@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.239:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.240:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.151:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.152:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.100:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.33:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.36:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.95:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.129:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.130:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.131:C:\Documents and Settings\Justin Fung\Application Data\Mozilla\Firefox\Profiles\iey9xxp4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#8 RichieUK

Posted 10 March 2007 - 03:54 AM

Go here and try the following; if successful, then run BitDefender Online Scanner.
Repair Internet Explorer 6:
http://www.theeldergeek.com/repair_ie6.htm

Let me know how you get on.

#9 jskf01

Posted 10 March 2007 - 04:52 AM

I can't do that at the moment because I can't find my XP CD as yet, because I'm using this PC overseas and did not bring that CD :((( Any other way around this?

#10 RichieUK

Posted 10 March 2007 - 05:02 AM

Download/install Internet Explorer 7 from here:
http://www.microsoft.com/windows/products/...ie/default.mspx

Let me know what's happening now please.

#11 jskf01

Posted 10 March 2007 - 06:41 AM

IE is working fine now. However, on the top bar where you type in the web addresses there are no File or Edit or View tabs for me to click to configure IE. I don't know if this is the way it's supposed to be or am I missing something here. Anyway, what else do I do now? Do I run BitDefender now and HJT again after that?

#12 RichieUK

Posted 10 March 2007 - 06:50 AM

Right-click on a blank area on the IE7 toolbar at the top and place a check at 'Menu Bar'; that should do it.
Now are you able to run the BitDefender Online Scan, please?

#13 jskf01

Posted 10 March 2007 - 07:02 AM

It doesn't help because the scan requires the XP CD and I don't have it.

#14 jskf01

Posted 10 March 2007 - 07:04 AM

And that menu thing you told me doesn't work. I right-clicked everywhere and nothing's happening, just getting options like 'maximize', 'restore' etc. Also I can't seem to do tabbed browsing even though I have enabled it. The 'Open in new tab' option is faded for some reason so I can't select it. And also when I shift and click on a link it just opens in a new window and not a tab. But anyway, it doesn't matter; I just want to know, is my IE fixed and security-wise am I OK? Because I use Firefox anyway.

#15 RichieUK

Posted 10 March 2007 - 07:09 AM

Ok, reboot and post a new HijackThis log please.
Let me know how your pc is running now.