Infected With A Number Of Viruses


  • This topic is locked
21 replies to this topic

#1 huehefner

huehefner

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 29 May 2007 - 03:48 PM

BitDefender actually did finish the scan... I have the information below for that if it helps. Panda and Trend Micro had detected more viruses than it, but unfortunately they crashed.


BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, May 28, 2007 - 22:36:33
________________________________________
Scan Info
Scanned Files 2159049
Infected Files 25


Virus Detected
Application.Adware.NewDotNet.B.Dropper 4
Trojan.Downloader.Small.BKE 4
Trojan.Downloader.Small.DQ 4
Win32.Worm.VB.DW 5
VBS.Small.P 2
Trojan.BAT.Autorun.A 1
Exploit.XMLCoreSrv.A 1
Generic.Malware.E!.C3DBF86D 1
Trojan.FatObfus.Gen 1
Generic.Adw.SaveNow.56AD4696 1
Exploit.JS.BO.D 1



________________________________________
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



Now here is the HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 4:29:06 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...8b3e6671c0f0c1f
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
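
The HijackThis logs in this thread (the one above and the fresh one posted after the ComboFix run) are the kind of thing a helper reads line by line. As an added example, not code from the thread, from HijackThis or from any tool the posters used, here is a small Python parser that turns log lines into (section, key, value) records, applies two cheap checks (extra programs chained in the F2 UserInit value, which Winlogon runs at every logon, and entries whose target file is reported missing) and diffs a before and after log so that only the changes need hand review. The two sample logs embedded in it are constructed subsets modelled on the 29 May and 31 May logs in this thread.

```python
"""Parse HijackThis v1.99-style logs, flag two entry types worth a second look,
and diff two logs taken before and after a cleanup.
Added example for this thread; not HijackThis, ComboFix or any poster's code.
The sample logs are constructed subsets modelled on the two logs posted here."""
import re
from dataclasses import dataclass

# Constructed subset of the first (29 May 2007) log.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
"""
# Constructed subset of the second (31 May 2007) log, after ComboFix and AVG Anti-Spyware.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code: R1, F2, O4, O23, ...
    key: str      # what identifies the entry: registry value, CLSID, service name
    value: str    # what it points at: URL, command line, DLL/EXE path

LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUNKEY_RE = re.compile(r"^(.*?\[[^\]]+\])\s*(.*)$")  # O4: "HKLM\..\Run: [Name] command"

def split_entry(section, body):
    """Split one entry body into key and value using the conventions seen in the log."""
    if section == "O4":
        m = RUNKEY_RE.match(body)
        if m:
            return Entry(section, m.group(1), m.group(2))
    m = CLSID_RE.search(body)          # BHOs, toolbars, DPF, buttons: keyed by CLSID
    if m:
        return Entry(section, body[:m.end()], body[m.end():].lstrip(" -"))
    for sep in (" = ", "=", " - "):    # registry values, system.ini keys, services
        if sep in body:
            key, value = body.split(sep, 1)
            return Entry(section, key, value)
    return Entry(section, body, "")

def parse(log):
    """Return (running processes, entries) for one log's text."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False         # blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(split_entry(*m.groups()))
    return processes, entries

def userinit_extras(value):
    """Programs chained after userinit.exe in the Winlogon UserInit value.
    Winlogon runs every comma-separated item at logon; the stock value names only userinit.exe."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]

def review(entries):
    """Cheap heuristics applied before a reader hand-checks each line."""
    findings = []
    for e in entries:
        if e.section == "F2" and e.key.endswith("UserInit") and userinit_extras(e.value):
            findings.append(f"F2 UserInit chains extra program(s) at logon: {userinit_extras(e.value)}")
        if "(file missing)" in e.value:
            findings.append(f"{e.section} {e.key}: target file missing (stale entry)")
    return findings

def diff_logs(before, after):
    """Entries removed, added and changed between two parsed logs, keyed by (section, key)."""
    b = {(e.section, e.key): e.value for e in before}
    a = {(e.section, e.key): e.value for e in after}
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted(k for k in a if k in b and a[k] != b[k])
    return removed, added, changed
```

Call parse() on the full text of each log, review() on the first and diff_logs() on the pair of entry lists. On the embedded samples, review() reports the autorun.bat chained in UserInit and the missing bdoscandel.exe target, and the diff lists the F2 UserInit line and the NvCplDaemon Run entry as removed and the AVG Anti-Spyware Guard service as added, which is the change set a helper wants to see against the fix that was applied.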


#2 SifuMike

SifuMike

malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:10 PM

Posted 30 May 2007 - 04:53 PM

Hello huehefner,

I am SifuMike and I will be helping you. :thumbsup:


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton AntiVirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

***********************



Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update".
If you are having problems with the updater, manually update with the AVG Antispyware Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the ComboFix log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.

Edited by SifuMike, 30 May 2007 - 04:57 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 31 May 2007 - 12:22 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:06:30 AM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...8b3e6671c0f0c1f
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
____________________________________________________________________________________________________

"Admin" - 2007-05-30 21:44:19 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))


2007-05-30 11:29 <DIR> d-------- C:\Program Files\iolo
2007-05-30 11:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-05-30 11:29 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\iolo
2007-05-29 10:21 <DIR> d-------- C:\{8000126E-0000-0000-DE05-DE0626BA1EE3}
2007-05-28 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-28 18:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-28 10:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-27 21:58 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-27 19:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-27 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-27 18:57 <DIR> d-------- C:\cef4a23ee17c5ea8e51a171ce4d959
2007-05-25 22:52 <DIR> d-------- C:\Program Files\StrategyBuilderFX 4
2007-05-24 22:07 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-05-24 21:02 <DIR> d-------- C:\Program Files\XCP Service Pack 3
2007-05-23 22:50 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\MailFrontier
2007-05-23 22:20 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\InstallShield
2007-05-21 16:38 786,432 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2007-05-21 16:38 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-21 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-05-21 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-05-21 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-21 16:36 <DIR> d-------- C:\WINDOWS\pss
2007-05-21 15:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-05-15 21:41 <DIR> d-------- C:\Program Files\Avanquest update
2007-05-15 21:40 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-05-15 21:38 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-05-15 21:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-05-15 21:37 24,192 --a------ C:\DOCUME~1\Admin\usbsermptxp.sys
2007-05-15 21:37 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-05-15 21:37 22,768 --a------ C:\DOCUME~1\Admin\usbsermpt.sys
2007-05-03 13:22 <DIR> d-------- C:\Program Files\BillP Studios
2007-05-03 13:22 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\WinPatrol
2007-05-02 21:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-25 19:57 <DIR> d-------- C:\Program Files\LimeWire
2007-04-09 22:20 <DIR> d-------- C:\DOCUME~1\Admin\.housecall6.6
2007-04-09 20:37 <DIR> d-------- C:\Program Files\MessengerDiscovery
2007-04-06 21:29 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-06 21:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-06 21:28 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-06 21:28 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-06 21:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-05 20:42 <DIR> d-------- C:\Program Files\50CentOfficial
2007-04-05 00:22 <DIR> d-------- C:\Program Files\iPod
2007-04-05 00:11 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-04 23:26 <DIR> d-------- C:\Program Files\iLike
2007-04-04 23:26 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\iLike
2007-04-03 06:49 <DIR> dr-h----- C:\DOCUME~1\Guest\APPLIC~1\yahoo!
2007-04-03 06:26 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\MySpace


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 15:19:52 -------- d-----w C:\Program Files\iTunes
2007-05-28 15:19:52 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-05-28 15:19:30 -------- d-----w C:\Program Files\Apoint2K
2007-05-28 15:18:44 -------- d-----w C:\Program Files\Google
2007-05-26 14:38:16 -------- d-----w C:\Program Files\PokerStars
2007-05-25 01:45:58 -------- d-----w C:\Program Files\InterVideo
2007-05-25 01:02:52 466,944 ----a-w C:\WINDOWS\system32\AXPSupport.dll
2007-05-24 03:37:20 5 ----a-w C:\WINDOWS\system32\SySMP3CutJoin.dat
2007-05-16 01:41:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-03 18:00:20 -------- d-----w C:\Program Files\PrintMaster 16
2007-05-03 17:52:04 -------- d-----w C:\Program Files\Slide
2007-05-03 17:50:27 -------- d-----w C:\Program Files\Real
2007-05-03 17:43:51 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-03 17:40:04 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-03 17:39:34 -------- d--h--w C:\Program Files\Zero G Registry
2007-05-03 17:36:04 -------- d-----w C:\Program Files\efonica softphone
2007-05-03 17:34:56 -------- d-----w C:\Program Files\Corel Graphics 12
2007-05-03 02:21:56 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Google
2007-04-22 03:03:18 -------- d-----w C:\Program Files\MSN Messenger
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-08 12:35:50 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Symantec
2007-04-07 02:06:16 -------- d-----w C:\Program Files\Symantec
2007-03-30 21:12:39 -------- d-----w C:\Program Files\Motorola Mobile Phone Tools 4.0 Full for free
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-02 21:04]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]
{fc56fc30-367d-44ee-bbf5-5121868dc3a6}=C:\Program Files\50CentOfficial\tb50Ce.dll [2007-03-19 12:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 23:40]
"AGRSMMSG"="AGRSMMSG.exe" []
"nwiz"="nwiz.exe" [2004-04-07 15:22 C:\WINDOWS\system32\nwiz.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 15:50]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 09:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 13:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 01:06]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-02 21:04]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5d4780-8b1d-11db-b83b-00904bb771ce}]
AutoRun\command- F:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f881f4-ecc6-11db-b8e5-000fb04582f1}]


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 21:48:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [9532]


scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?4?5?4??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-30 21:50:03

--- E O F ---


____________________________________________________________________________________________________
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:44:40 AM 5/31/2007

+ Scan result:



C:\Documents and Settings\Admin\My Documents\My Received Files\sinstaller2.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Shared\spyware bot crack.zip/BitDownload-setup_crack.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.240:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.935:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.284:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.285:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.286:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.287:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.288:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.650:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.738:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.739:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.400:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.393:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.394:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.395:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.372:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.373:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.374:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.375:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.376:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.377:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.378:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.407:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.408:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.409:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.410:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.411:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.396:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.397:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.398:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.468:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.470:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.471:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.227:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.228:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.229:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.247:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.825:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.280:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.281:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.282:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.296:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.297:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.302:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.303:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.304:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.328:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.329:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.330:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.331:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.332:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.340:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.341:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.342:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.343:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.344:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.345:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.346:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.347:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.348:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.349:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.350:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.351:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.352:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.353:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.354:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.413:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.414:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.415:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.416:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.417:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.35:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.553:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.554:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.555:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.556:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.557:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.558:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.435:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.438:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.459:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.460:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.461:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.552:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.495:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.496:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.497:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.498:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.91:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.528:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.529:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.530:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.531:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.532:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.533:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.534:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.535:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.536:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.537:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.541:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.334:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.335:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.336:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.337:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.338:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.580:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.581:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.582:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.583:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.584:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.625:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.626:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.6:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.925:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.937:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.938:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ut2cpvv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:10 PM

Posted 31 May 2007 - 03:26 AM

Hi huehefner,

I merged your second log with your original thread (Topic). When you post follow-up logs, please stick to the same thread: just click the Add Reply button in the original Topic. Do not create a new topic for your reply; that will cause confusion and a delay in the help you are receiving.

Please subscribe to this topic so you get an email notice and a link to it when you get a response. To do that click on the Options box toward the top right of your topic (just underneath Add Reply and New Topic). Then click on Track this topic, put a dot next to Immediate Email Notification, then scroll down and click Proceed.

Or, when you visit the forum, click on My Topics toward the top of any bleepingcomputer forum page. Thanks!

SifuMike will be with you when he is available.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:10 PM

Posted 31 May 2007 - 10:54 AM

Hi huehefner,

I see Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs, if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player




If you uninstalled it, please navigate to and delete the following folder:

C:\Program Files\Viewpoint <==folder


***********************


I see this service in your log:

O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe


If you have this service, then there is a good chance you also have the Sony XCP DRM rootkit. Please use the following rootkit removal instructions: How to remove the Sony - XCP DRM Rootkit



***********************

You have a suspicious file we need to check.

You will need to configure Windows to show Hidden files.

Go to the following site: http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the Browse button and browse to the following file:
C:\Program Files\50CentOfficial\tb50Ce.dll

Click Open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in Notepad.

Once scanned, copy and paste the results in your next reply as well.

I usually enter my email address at VirusTotal so they can send me the scan results. They usually take only a couple of minutes to an hour to reply.
You can copy/paste the results of the VirusTotal scan log here along with a fresh HijackThis log.

Edited by SifuMike, 31 May 2007 - 10:55 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 01 June 2007 - 07:43 AM

I can't seem to get the Sony rootkit removed, neither manually nor automatically. I think in the past I tried to, but I can't remember what I used. I remember going on the HP web site and getting a health scan, and they recognized it, but I guess the program I used from them did not remove the entire rootkit. Is there another way, or shall I go on with the next step???

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:10 PM

Posted 01 June 2007 - 08:13 AM

That site has all the information you need to remove it, if you have it on your computer. All you have to do is read it and follow the instructions. Do the manual deletion and you should be OK.

Go on to the next step.

Edited by SifuMike, 01 June 2007 - 08:21 AM.


#8 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 01 June 2007 - 11:54 PM

This is the VT scan:



Complete scanning result of "tb50Ce.dll", received in VirusTotal at 06.02.2007, 06:36:25 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.01.2007 no virus found
AVG 7.5.0.467 06.01.2007 no virus found
BitDefender 7.2 06.02.2007 no virus found
CAT-QuickHeal 9.00 06.01.2007 no virus found
ClamAV devel-20070416 06.02.2007 no virus found
DrWeb 4.33 06.01.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3684 06.02.2007 no virus found
Ewido 4.0 06.01.2007 no virus found
FileAdvisor 1 06.02.2007 No threat detected
Fortinet 2.85.0.0 06.02.2007 no virus found
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 no virus found
Ikarus T3.1.1.8 06.01.2007 no virus found
Kaspersky 4.0.2.24 06.02.2007 no virus found
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.02.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.01.2007 no virus found
Prevx1 V2 06.02.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 VSToolbar
Symantec 10 06.02.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.01.2007 no virus found
VirusBuster 4.3.23:9 06.01.2007 no virus found
Webwasher-Gateway 6.0.1 06.02.2007 no virus found


Additional Information
File size: 1297432 bytes
MD5: 387beeccbc28fe61336e3fe1f3d3f21d
SHA1: efd3a7a22c026f237a46046bde12d81b2d804543
Bit9 info: http://fileadvisor.bit9.com/services/extin...36e3fe1f3d3f21d
Sunbelt info: VSToolbar is an adware application that installs a browser helper object (BHO) in Internet Explorer.



HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:06 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...8b3e6671c0f0c1f
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:10 PM

Posted 02 June 2007 - 11:46 AM

Hi huehefner,

Download CCleaner and install it (the default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal Mode, select the following entries with HijackThis.
With all windows (including this one!) closed (close browser/Explorer windows), please select "Fix".

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...8b3e6671c0f0c1f


This is an optional fix. The following is not necessarily spyware/malware, but I suggest you place a check mark next to the following entry, as this program may be taking up system resources:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS check-marked by default during the installation.
IF you do NOT want it, REMOVE the check mark when provided with the option, OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot your computer, post a new HijackThis log, and tell me how your computer is running.
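As an added example (not code from this thread, from BleepingComputer or from HijackThis itself): the checks SifuMike applied above, turned into a small Python triage script that reads HijackThis v1.99 log text, flags orphaned R3/O2/O3 registrations (hooks, BHOs and toolbars whose DLL is gone), O16 DPF objects downloaded from the Zango domain, and the XCP CD Proxy service, and lists the DLLs behind the remaining R3/O2/O3 entries so they can be hashed and looked up on VirusTotal. The sample lines are copied from the logs posted in this thread; the domain and service-name indicator lists are my own assumptions and cover only what this thread flagged, so extend them before relying on the script elsewhere.

```python
"""Triage helper for HijackThis v1.99 log text (added example, not a BleepingComputer tool)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Every HJT entry starts with a section code (R0-R3, O1-O24, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Indicator lists are assumptions drawn from the fixes recommended in this thread.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
BAD_DPF_DOMAINS = {"zangocash.com"}      # O16 ActiveX download from Zango (adware)
BAD_SERVICE_NAMES = {"CD_Proxy"}         # Sony XCP DRM "CD Proxy" service


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, fields) per HJT entry; fields is the body split on ' - '.

    HJT separates name, CLSID and target with ' - ', so the last field is the
    file path, the download URL, or an orphan marker such as '(no file)'.
    A display name that itself contains ' - ' would shift the fields; rare in practice.
    """
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m.group("body")
            yield m.group("section"), body, body.split(" - ")


def _service_short_name(body):
    # O23 body: "Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe"
    m = re.match(r"Service: .*?\((?P<short>[^)]+)\) - ", body)
    return m.group("short") if m else None


def _host_in(url, domains):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def analyze(log_text):
    """Return the entries a helper would tell the poster to fix, with the reason."""
    findings = []
    for section, body, fields in parse_entries(log_text):
        target = fields[-1]
        if section in ("R3", "O2", "O3") and any(t in target for t in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned hook/BHO/toolbar registration (DLL is gone)", body))
        elif section == "O16" and target.startswith("http") and _host_in(target, BAD_DPF_DOMAINS):
            findings.append(Finding(section, "ActiveX (DPF) object downloaded from an adware domain", body))
        elif section == "O23" and _service_short_name(body) in BAD_SERVICE_NAMES:
            findings.append(Finding(section, "service installed by the Sony XCP DRM rootkit", body))
    return findings


def dlls_to_hash(log_text):
    """Distinct on-disk DLLs behind R3/O2/O3 entries: candidates for a VirusTotal hash lookup."""
    paths = set()
    for section, body, fields in parse_entries(log_text):
        target = fields[-1]
        if section in ("R3", "O2", "O3") and target.lower().endswith(".dll"):
            paths.add(target)
    return sorted(paths, key=str.lower)


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...8b3e6671c0f0c1f
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("DLLs to hash and look up:")
    for p in dlls_to_hash(SAMPLE_LOG):
        print("   ", p)
```

Note that O9 entries with "(file missing)" are deliberately not flagged: in this thread they belong to uninstalled scanners (BitDefender, xpnetdiag) and were left alone, so the orphan rule is limited to the R3/O2/O3 sections the helper actually fixed.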

#10 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 03 June 2007 - 01:03 PM

Well, it seems a little better now, but the laptop still keeps turning off by itself even though I have opened it and cleaned it. Sometimes when I set it to Last Known Good Configuration it still keeps crashing on its own.

Logfile of HijackThis v1.99.1
Scan saved at 1:45:59 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 June 2007 - 02:12 PM

Hi huehefner,

I am not seeing any malware in your Hijackthis log. :thumbsup:

but the laptop still keeps turning off by itself even though I have opened it and cleaned it


Is this a recent occurrence (closing by itself)? Your first post said you had viruses, nothing about it closing by itself.

Sounds like it may be a hardware, memory or driver problem.

Do you have the Windows Install CD?

How much RAM on this computer?

To see how much RAM is in your computer:
Go to the Start menu, click Settings, and then click Control Panel. Click System and then select the General tab. At the bottom of the page you should see the amount of RAM.

For Windows XP you need 512 MB. If you're gaming, anywhere from 512 MB to 1 GB RAM, but extreme gamers will need even more.
You'll also need more RAM if you're using a lot of applications at the same time, such as desktop publishing and video rendering.



You have two registry protectors running, AVG Anti-Spyware Guard and WinPatrol. You will need to disable them while we use HijackThis.

To disable WinPatrol:
Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

To disable AVG Antispyware guard:
Open AVG Antispyware and in the main window click "Resident Shield", then toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
When you reboot, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the guard?".
Reply 'No' and set it to 'inactive'.

You can enable one of them after you use Hijackthis. You should not run two registry protectors at the same time, as they will slow your computer.

In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Run CCleaner.

Reboot your computer.

Run ComboFix again.

Post the ComboFix log along with a fresh Hijackthis log. Please do not attach any logs, as they are harder to read that way.

Edited by SifuMike, 03 June 2007 - 02:33 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts

Posted 04 June 2007 - 07:05 PM

I have 512 MB of RAM.

I had posted a topic in May, when I first started, about the PC trouble I was having in the "What do I do" forum, and when I cleaned the PC and realised it was still cutting out I then prepared a HijackThis log. As you have already realised, I didn't know much about the site. Plus the PC cuts out at intervals, so I try to be quick and to the point. Oh, and I do not have the CD, but I think I may be able to obtain one.

"Admin" - 2007-06-04 9:13:32 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))


2007-06-02 13:18 <DIR> d-------- C:\Program Files\CCleaner
2007-05-30 21:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-30 20:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-30 10:29 <DIR> d-------- C:\Program Files\iolo
2007-05-30 10:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-05-30 10:29 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\iolo
2007-05-29 09:21 <DIR> d-------- C:\{8000126E-0000-0000-DE05-DE0626BA1EE3}
2007-05-28 22:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-28 17:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-28 09:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-27 20:58 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-27 18:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-27 18:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-27 17:57 <DIR> d-------- C:\cef4a23ee17c5ea8e51a171ce4d959
2007-05-25 21:52 <DIR> d-------- C:\Program Files\StrategyBuilderFX 4
2007-05-24 21:07 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-05-23 21:50 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\MailFrontier
2007-05-23 21:20 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\InstallShield
2007-05-21 15:38 786,432 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2007-05-21 15:38 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-21 15:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-05-21 15:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-05-21 15:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-21 15:36 <DIR> d-------- C:\WINDOWS\pss
2007-05-21 14:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-05-15 20:41 <DIR> d-------- C:\Program Files\Avanquest update
2007-05-15 20:40 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-05-15 20:38 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-05-15 20:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-05-15 20:37 24,192 --a------ C:\DOCUME~1\Admin\usbsermptxp.sys
2007-05-15 20:37 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-05-15 20:37 22,768 --a------ C:\DOCUME~1\Admin\usbsermpt.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 13:17:46 -------- d-----w C:\Program Files\50CentOfficial
2007-05-28 15:19:52 -------- d-----w C:\Program Files\iTunes
2007-05-28 15:19:52 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-05-28 15:19:30 -------- d-----w C:\Program Files\Apoint2K
2007-05-28 15:18:44 -------- d-----w C:\Program Files\Google
2007-05-26 14:38:16 -------- d-----w C:\Program Files\PokerStars
2007-05-25 01:45:58 -------- d-----w C:\Program Files\InterVideo
2007-05-24 03:37:20 5 ----a-w C:\WINDOWS\system32\SySMP3CutJoin.dat
2007-05-16 01:41:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-13 23:22:30 -------- d-----w C:\Program Files\MessengerDiscovery
2007-05-03 18:00:20 -------- d-----w C:\Program Files\PrintMaster 16
2007-05-03 17:52:04 -------- d-----w C:\Program Files\Slide
2007-05-03 17:50:27 -------- d-----w C:\Program Files\Real
2007-05-03 17:43:51 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-03 17:40:04 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-03 17:39:34 -------- d--h--w C:\Program Files\Zero G Registry
2007-05-03 17:36:04 -------- d-----w C:\Program Files\efonica softphone
2007-05-03 17:34:56 -------- d-----w C:\Program Files\Corel Graphics 12
2007-05-03 17:23:37 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\WinPatrol
2007-05-03 17:22:27 -------- d-----w C:\Program Files\BillP Studios
2007-05-03 02:21:56 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Google
2007-04-25 23:57:22 -------- d-----w C:\Program Files\LimeWire
2007-04-22 03:03:18 -------- d-----w C:\Program Files\MSN Messenger
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 23:48:23 -------- d-----w C:\Program Files\Apple Software Update
2007-04-08 12:35:50 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Symantec
2007-04-07 02:06:16 -------- d-----w C:\Program Files\Symantec
2007-04-07 01:32:56 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-05 04:22:42 -------- d-----w C:\Program Files\iPod
2007-04-05 03:26:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\iLike
2007-04-05 03:26:45 -------- d-----w C:\Program Files\iLike
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-09 04:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-09 04:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 14:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 11:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-02 20:04]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 15:04]
{fc56fc30-367d-44ee-bbf5-5121868dc3a6}=C:\Program Files\50CentOfficial\tb50Ce.dll [2007-03-19 11:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 22:40]
"AGRSMMSG"="AGRSMMSG.exe" []
"nwiz"="nwiz.exe" [2004-04-07 14:22 C:\WINDOWS\system32\nwiz.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 14:50]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 08:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 12:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-02 20:04]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 20:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5d4780-8b1d-11db-b83b-00904bb771ce}]
AutoRun\command- F:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f881f4-ecc6-11db-b8e5-000fb04582f1}]


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 09:18:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?4?5?4??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-04 9:19:18
C:\ComboFix2.txt ... 2007-05-30 20:50

--- E O F ---





___________________________________________________________________________________________________



Logfile of HijackThis v1.99.1
Scan saved at 9:36:40 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
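A small triage script for the log formats posted in this thread, as an added example (it is not HijackThis, ComboFix, or code from anyone in this thread): it parses the O-section lines and the ComboFix mountpoints2 block and flags orphaned "(no file)"/"(file missing)" entries like the O2 line SifuMike asked to fix, bare-name Run entries worth verifying, and mountpoints2 handlers that launch a script host (the autorun.vbs pattern seen above). The sample log embedded in it is constructed from lines in this thread, and the severity labels are a triage convention chosen for the example, not a feature of either tool.

```python
"""Triage helper for HijackThis and ComboFix log lines.

Added example written for this thread; it is not part of HijackThis,
ComboFix or the posts above. It parses the line shapes seen in the logs
posted here and flags the entries a log reader looks at first:
  * any section entry whose target is "(no file)" or "(file missing)"
        -> orphaned entry, a leftover registration with nothing behind it
  * O4 Run entries that name a bare executable with no path
        -> resolved via the PATH search order, so verify where it lives
  * ComboFix mountpoints2 verbs that launch a script host
        -> the autorun.vbs-on-a-drive-root pattern, review drive and file
SAMPLE_LOG is constructed from lines that appear in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_LINE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
MP2_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\}\]$", re.I)
MP2_VERB = re.compile(r"^(?P<verb>\w+)\\[Cc]ommand- (?P<cmd>.*)$")

ORPHAN_MARKERS = ("(no file)", "(file missing)")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe")

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5d4780-8b1d-11db-b83b-00904bb771ce}]
AutoRun\command- F:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f881f4-ecc6-11db-b8e5-000fb04582f1}]
"""


@dataclass
class Finding:
    line_no: int
    severity: str   # "high" / "medium" / "low", this example's own scale
    reason: str
    detail: str


def _executable(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def triage(text: str) -> list[Finding]:
    """Walk the log once and collect findings in line order."""
    findings: list[Finding] = []
    mp2_guid = None  # set while inside a mountpoints2 key block
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            mp2_guid = None          # blank line ends a registry key block
            continue
        if line.startswith("["):
            m = MP2_KEY.match(line)  # any other key block turns tracking off
            mp2_guid = m.group("guid") if m else None
            continue
        if mp2_guid:
            m = MP2_VERB.match(line)
            if m and any(h in m.group("cmd").lower() for h in SCRIPT_HOSTS):
                findings.append(Finding(n, "high", "autorun handler launches script host",
                                        f"{mp2_guid}:{m.group('verb')}"))
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if any(mark in body for mark in ORPHAN_MARKERS):
            findings.append(Finding(n, "medium", "orphaned entry", f"{sec}: {body}"))
            continue
        if sec == "O4":
            r = RUN_LINE.match(body)
            if r:
                exe = _executable(r.group("cmd"))
                if "\\" not in exe and ":" not in exe:
                    findings.append(Finding(n, "low", "Run entry without full path",
                                            f"[{r.group('key')}] {exe}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} [{f.severity:<6}] {f.reason}: {f.detail}")
```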

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 04 June 2007 - 11:46 PM

Hi huehefner,

Your Hijackthis log looks clean, as does the ComboFix log. :thumbsup:


It is looking more like a hardware, software, memory or driver problem, as you are clean (of malware) so far.


Let's make sure there is no malware hiding and run two scans.

You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


******************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

You already have AVG Anti-Spyware 7.5 installed, so I want you to update it and run it in the Safe Mode.

Select the "Update" button and click "Start update".
If you are having problems with the updater, manually update with the AVG Antispyware Full database installer from here.
Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.

Edited by SifuMike, 04 June 2007 - 11:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 huehefner

huehefner
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 06 June 2007 - 07:41 AM

Hi SifuMike, I want to thank you for your help so far. :thumbsup:

I see that I also have traces of Norton still on my PC when I scanned with BitDefender. Should I remove that, because I have AVG antivirus?

____________________________________________________________________________________________________

BitDefender Online Scanner

Scan report generated at: Tue, Jun 05, 2007 - 21:37:37

Scan path: C:\;D:\;

Statistics
Time: 01:16:19
Files: 266215
Folders: 6529
Boot Sectors: 2
Archives: 10372
Packed Files: 11866

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 512012
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File - Status

C:\Boot Screens\1165.exe=>wise0019 - Infected with: Trojan.Downloader.Small.BKE
C:\Boot Screens\1165.exe=>wise0019 - Disinfection failed
C:\Boot Screens\1165.exe=>wise0019 - Deleted
C:\Boot Screens\1165.exe - Update failed
C:\Boot Screens\1165.exe=>wise0020 - Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Boot Screens\1165.exe=>wise0020 - Deleted
C:\Boot Screens\1165.exe - Update failed
C:\Boot Screens\3446.exe=>wise0019 - Infected with: Trojan.Downloader.Small.BKE
C:\Boot Screens\3446.exe=>wise0019 - Disinfection failed
C:\Boot Screens\3446.exe=>wise0019 - Deleted
C:\Boot Screens\3446.exe - Update failed
C:\Boot Screens\3446.exe=>wise0020 - Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Boot Screens\3446.exe=>wise0020 - Deleted
C:\Boot Screens\3446.exe - Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF8612B.exe=>(Quarantine-2)=>(CAB Sfx r)=>VVSN.exe - Infected with: Generic.Adw.SaveNow.56AD4696
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF8612B.exe=>(Quarantine-2)=>(CAB Sfx r)=>VVSN.exe - Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF8612B.exe=>(Quarantine-2)=>(CAB Sfx r)=>VVSN.exe - Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF8612B.exe=>(Quarantine-2)=>(CAB Sfx r) - Update failed

_____________________________________________________________________________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:14:06 AM 6/6/2007

+ Scan result:
C:\Program Files\TrueSwitch -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Program Files\TrueSwitch\TrueSwitch.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Esaya\TrueAssistant -> Adware.RogueSuspect : Cleaned with backup (quarantined).


::Report end

__________________________________________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 8:27:03 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: 50CentOfficial Toolbar - {fc56fc30-367d-44ee-bbf5-5121868dc3a6} - C:\Program Files\50CentOfficial\tb50Ce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161304261765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#15 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:10 PM

Posted 06 June 2007 - 07:50 AM

Hi Hue,

You need to uninstall Norton since you are using AVG antivirus.

If you have already uninstalled it, then use the Norton Removal Tool to remove a failed installation or a damaged Norton product.

The Norton Removal Tool uninstalls all Norton 2007/2006/2005/2004/2003 products from your computer. Before you continue, make sure that you have the installation CDs or downloaded installation files for any Norton products that you want to reinstall. Also, if you use ACT! or WinFAX, back up those databases and uninstall those products.

http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Post a fresh HijackThis log and I will see if it is gone.

Edited by SifuMike, 06 June 2007 - 08:49 PM.