Tech Support Forum - Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
Many obscure problems. Help with logfile.
I have a Dell laptop running Windows XP Home Edition. I have Norton AntiVirus and AVG Anti-Spyware. I'm using Zone Labs firewall. I’ve run both Ad-Aware and Spybot Search and Destroy. I have a multitude of problems that I have tried unsuccessfully to fix on my own. My Internet Explorer and Firefox will randomly quit working after some time. Both go from the current page they are browsing back to the homepage. After this, I am unable to navigate away from the homepage. It just stops the load. As you probably realize, it gives me great difficulty to even access these help forums.

My Norton AntiVirus will not scan my computer anymore. I get the error “VCG32.exe reported an error and will now shutdown” or something to that effect. Randomly, at different intervals, Norton will show a pop-up saying “Real Time protection has been disabled.” Three more problems are also affecting my computer. My Windows Firewall is not functioning, and Windows can’t turn it on. My recycling bin appears empty even when files are in it. When I empty it, it asks “Delete these 3 items” no matter how many items are present. Occasionally I am unable to open any of the folders on my desktop or in My Documents. Restarting my computer usually allows me to open them, but the problem will come back on occasion. I think the problems might be associated with Windows Service Pack 2 or 3. I had Service Pack 3, but after my problems started I restored my system to a date before I updated to Pack 3. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 6:14:44 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [twr] C:\WINDOWS\twr.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Wqbfnexx] C:\Program Files\Xauivov\Kfsrccg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - apple - www.virtualapple.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#2
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria, Australia
Posts: 7,404
OS: XP Pro SP3
Hi. Welcome.

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O4 - HKLM\..\Run: [twr] C:\WINDOWS\twr.exe
O4 - HKLM\..\Run: [Wqbfnexx] C:\Program Files\Xauivov\Kfsrccg.exe

Open Windows Explorer and delete the following highlighted file/s. Also delete the following red folder/s:

C:\WINDOWS\twr.exe
C:\Program Files\Xauivov

Reboot.

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06. Fix whatever they suggest. If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer

Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.

Anti-virus
Also, run this PC through the Panda Online virus scanner or Trend Micro Housecall Online virus scanner. Let it delete whatever it finds.

Post a new log when done.
__________________
Eddy
#3
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
Thanks for the help. I've run two online virus scans and the hijackthis scan again.
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:23:44 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - apple - www.virtualapple.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...86/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here is my Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 03, 2006 4:02:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/11/2006
Kaspersky Anti-Virus database records: 237906
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 71151
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:29:03

Scan process completed.
Here is the Pandasoftware online virus scan:
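Added example, not code from the thread, from HijackThis or from any of the posters: a small Python triage helper that parses HJT v1.99 entries, flags O4 autostarts by two editorial rules of thumb (the image sits directly in %WINDIR%, or a path component such as Kfsrccg has no vowels at all), and diffs the post #1 and post #3 logs to confirm that the two entries Eddy had fixed are gone. The embedded sample logs are a constructed subset of the entries quoted above; the heuristics are not anything HijackThis itself implements.

```python
"""HijackThis v1.99 log triage: parse entries, flag O4 autostarts, diff logs.

Added example, not code from HijackThis or this thread. BEFORE_LOG/AFTER_LOG are
constructed subsets of the logs in posts #1 and #3; the heuristics in
suspicious_o4() are editorial rules of thumb, not anything HJT implements.
"""
import ntpath
import re
from dataclasses import dataclass

# Every HJT entry is "<type> - <body>" with type R0..R3, F0..F3 or O1..O24.
ENTRY_RE = re.compile(r"^(?P<kind>[RF][0-3]|O\d{1,2}) - (?P<body>.*)$")
# Body of an O4 registry autostart: HKLM\..\Run: [Name] <command line>
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [twr] C:\WINDOWS\twr.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Wqbfnexx] C:\Program Files\Xauivov\Kfsrccg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
# Post #3 log: the two entries Eddy had HJT fix are gone and a-squared was added.
AFTER_LOG = (
    BEFORE_LOG.replace("O4 - HKLM\\..\\Run: [twr] C:\\WINDOWS\\twr.exe\n", "")
    .replace("O4 - HKLM\\..\\Run: [Wqbfnexx] C:\\Program Files\\Xauivov\\Kfsrccg.exe\n", "")
    + 'O4 - HKLM\\..\\Run: [a-squared] "C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe"\n'
)


@dataclass(frozen=True)
class Entry:
    kind: str  # "O4", "O23", ...
    body: str  # everything after "<type> - "


def parse_log(text):
    """Return the HJT entries of a log; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m["kind"], m["body"]) for m in matches if m]


def image_path(cmd):
    """Executable path from an O4 command line, quoted or bare, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m[1] if m else cmd.split(" ")[0]


def suspicious_o4(entries, windir=r"C:\WINDOWS"):
    """Map autostart name -> reason, for O4 entries worth a human's second look.

    Rule 1: the image lives directly in %WINDIR% (legitimate installers rarely
    drop executables there). Rule 2: a path component of five or more letters
    has no vowel at all, typical of generated names. Candidates, not verdicts.
    """
    flagged = {}
    for e in entries:
        m = O4_RE.match(e.body) if e.kind == "O4" else None
        if not m:
            continue  # other kinds, or "Global Startup:" shortcut entries
        path = image_path(m["cmd"])
        if ntpath.dirname(path).lower() == windir.lower():
            flagged[m["name"]] = f"runs from %WINDIR% root: {path}"
            continue
        for comp in path.split("\\"):
            stem = comp.rsplit(".", 1)[0]
            if len(stem) >= 5 and stem.isalpha() and not set(stem.lower()) & set("aeiou"):
                flagged[m["name"]] = f"vowel-less component {comp!r} in {path}"
                break
    return flagged


def file_missing(entries):
    """Entries HJT tagged '(file missing)': a registration whose target is gone."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def diff_logs(before, after):
    """(removed, added) entry lists between two logs, independent of order."""
    b, a = set(before), set(after)
    return sorted(b - a, key=lambda e: e.body), sorted(a - b, key=lambda e: e.body)


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for name, why in suspicious_o4(before).items():
        print(f"check [{name}]: {why}")
    removed, added = diff_logs(before, after)
    print("gone after fix:", [e.body for e in removed])
    print("new after fix: ", [e.body for e in added])
```

The diff is the check a helper makes on the follow-up log: the fixed entries must be absent, and anything new must be accounted for (here a2guard.exe, which the poster installed on instruction).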
#4
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria, Australia
Posts: 7,404
OS: XP Pro SP3
Just run these for a final clean out.

Download and install AVG Anti-Spyware 7.5 (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware, which has a special "clean driver" for removing persistent malware.)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine. IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows and programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so may hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner, or you may purchase a license to use the full version.

================================

Please download ATF Cleaner by Atribune: http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
__________________
Eddy
#5
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
Here's another report. Thanks for the continued support.
AVG Anti-Spyware - Scan Report
+ Created at: 11:29:37 PM 11/4/2006
#7 (permalink)
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
Sorry to bother you or bring up an old thread but my internet is running slower than normal. Spybot search and destroy, windows defender, and ad-aware don't pick up anything. I ran the pandasoft scan and it looks like this:
Incident  Status  Location
Adware:adware/delfinmedia  Not disinfected  c:\keys.ini
Adware:adware/cws  Not disinfected  C:\Documents and Settings\Matt\Favorites\Fun & Games
Adware:adware/sidesearch  Not disinfected  C:\Documents and Settings\Matt\Application Data\Lycos
Spyware:spyware/media-motor  Not disinfected  Windows Registry
Adware:adware/savenow  Not disinfected  Windows Registry
Adware:adware/ist.sidefind  Not disinfected  Windows Registry
Adware:adware/ist.yoursitebar  Not disinfected  Windows Registry
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Casalemedia  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/did-it  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Go  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/MetriWeb  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@atwola[1].txt
Spyware:Cookie/BurstBeacon  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@www.burstbeacon[2].txt

My HijackThis scan looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 2:33:27 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...86/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for any help. I appreciate it.
-Matt
#8 (permalink)
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
My AVG anti-spyware trial version ran out and I am now having some spyware or malware problems. I get constant "Windows spyware 2006" popups, or something similar. I'm also flooded with other popups. I ran both adaware and spybot search and destroy and they found and deleted many problems. However, I ran pandasoft's virus scan and it detected more problems. Here is my HijackThis logfile and my pandasoft logfile. Thanks for your time.
Logfile of HijackThis v1.99.1
Scan saved at 4:54:52 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjol.dll,startup
O4 - HKLM\..\Run: [yjwaixd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yjwaixd.dll,qbudix
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...86/mcfscan.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Incident  Status  Location
Adware:Adware/WebSearch  Not disinfected  C:\WINDOWS\system32\uedgsmvh.dll
Adware:adware/delfinmedia  Not disinfected  c:\keys.ini
Adware:adware/cws  Not disinfected  C:\Documents and Settings\Matt\Favorites\Fun & Games
Adware:adware/sidesearch  Not disinfected  C:\Documents and Settings\Matt\Application Data\Lycos
Spyware:spyware/media-motor  Not disinfected  Windows Registry
Adware:adware/savenow  Not disinfected  Windows Registry
Adware:adware/ist.sidefind  Not disinfected  Windows Registry
Adware:adware/ist.yoursitebar  Not disinfected  Windows Registry
Spyware:Cookie/Reliablestats  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/did-it  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Go  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/MetriWeb  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstBeacon  Not disinfected  C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt
Spyware:Cookie/Mediaplex  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@mediaplex[1].txt
Spyware:Cookie/Overture  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@overture[1].txt
Spyware:Cookie/RealMedia  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@realmedia[1].txt
Spyware:Cookie/Reliablestats  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@stats1.reliablestats[1].txt
Spyware:Cookie/Winantivirus  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@winantivirus[1].txt
Spyware:Cookie/Winantivirus  Not disinfected  C:\Documents and Settings\Matt\Cookies\matt@www.winantivirus[1].txt
Potentially unwanted tool:Application/Winantivirus2006  Not disinfected  C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\Cache\B23E4567d01
Potentially unwanted tool:Application/DriveCleaner  Not disinfected  C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\jdgu74wk.default\Cache\DAF1E752d01
Spyware:Spyware/Virtumonde  Not disinfected  C:\WINDOWS\system32\kfkveoqb.dll
Potentially unwanted tool:Application/VSToolbar  Not disinfected  C:\WINDOWS\system32\qojxxfay.exe
Spyware:Spyware/Virtumonde  Not disinfected  C:\WINDOWS\system32\vtusppm.dll
#9 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [yjwaixd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yjwaixd.dll,qbudix

Open Windows Explorer and delete the following highlighted file/s:
C:\WINDOWS\system32\yjwaixd.dll
C:\WINDOWS\system32\uedgsmvh.dll
C:\Documents and Settings\Matt\Favorites\Fun & Games
C:\WINDOWS\system32\kfkveoqb.dll
C:\WINDOWS\system32\qojxxfay.exe
C:\WINDOWS\system32\vtusppm.dll

If you have not set these restrictions you can remove these from the log as well:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

Download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.

Scan and post a fresh hijackthis log.
__________________
Eddy
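As an added illustration of the triage the helper is doing in the reply above (example code written for this page, not a tool from the thread or from the HijackThis project), here is a small Python parser for HijackThis v1.99-style log lines that flags the patterns acted on in that reply: orphaned "(no file)"/"(file missing)" references, IE policy restrictions the user may not have set, and O4 Run entries that use rundll32 to load a DLL that is not on a hypothetical allowlist. The sample lines are constructed from entries posted in this thread; a flag means "review", not "malicious".

```python
"""Triage helper for HijackThis (v1.99-style) log lines.

Added example for this thread, not code from the thread or from the
HijackThis project. A Finding is a line worth a second look, nothing more.
"""
import re
from dataclasses import dataclass
from typing import List

# Hypothetical allowlist: DLLs this machine legitimately loads via rundll32
# at logon (the NVIDIA control-panel entry appears in the thread's own log).
# Real triage would rely on vendor signatures / known-good databases instead.
KNOWN_RUNDLL32_DLLS = {"nvcpl.dll"}

MISSING_MARKERS = ("(no file)", "(file missing)")

# Every HJT item line starts with a section tag such as "R0 - " or "O23 - ".
SECTION_RE = re.compile(r"^(?P<section>[RFNO]\d+) - ")
# "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "rundll32.exe C:\path\foo.dll,ExportName" (DLL path optionally quoted)
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

# Constructed sample, assembled from lines posted earlier in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjol.dll,startup
O4 - HKLM\..\Run: [yjwaixd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yjwaixd.dll,qbudix
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    reason: str   # why the line deserves a look
    line: str     # the log line itself


def triage_hjt_log(text: str) -> List[Finding]:
    """Return the item lines worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if not sec:
            continue  # header, blank, or running-process line
        section = sec.group("section")
        low = line.lower()

        # Any item pointing at a file that no longer exists (leftover toolbar,
        # Winlogon notify package, service): the kind of entry HJT can fix.
        if any(marker in low for marker in MISSING_MARKERS):
            findings.append(Finding(section, "orphaned reference: target file missing", line))
            continue

        # IE policy restrictions the user never set are a common adware
        # side effect; the helper asks the user to confirm them.
        if section == "O6" and low.endswith(" present"):
            findings.append(Finding(section, "IE policy restriction present; confirm the user set it", line))
            continue

        if section == "O4":
            m = O4_RE.match(line)
            if not m:
                continue  # e.g. "Global Startup:" entries, not "[Name] cmd"
            name, cmd = m.group("name"), m.group("cmd")
            r = RUNDLL32_RE.search(cmd)
            if r:
                dll = r.group("dll").replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if dll not in KNOWN_RUNDLL32_DLLS:
                    findings.append(Finding(
                        section,
                        f"rundll32 loads {dll} (export {r.group('export')}) at logon; not on allowlist",
                        line))
                    continue
            # An entry named after its own DLL ("[yjwaixd.dll]") is another
            # marker visible in this thread's log.
            if name.lower().endswith(".dll"):
                findings.append(Finding(section, "Run entry named after a DLL", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```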
#10 (permalink)
Registered User
Join Date: Nov 2006
Posts: 6
OS: xp
Here is my Kaspersky log file. Could you tell me how to remove the contents in the scan? Thank you.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 8:39:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/12/2006
Kaspersky Anti-Virus database records: 233625
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\ E:\
Scan Statistics:
Total number of scanned objects: 57722
Number of viruses found: 5
Number of infected objects: 6 / 0
Number of suspicious objects: 4
Duration of the scan process: 00:55:38
is locked skipped C:\WINDOWS\Temp\ZLT06ca7.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Here is the hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 8:42:13 PM, on 12/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\a-squared Anti-Malware\a2guard.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\{C0AA313C-0A20-1033-0523-030228030001}\Update.exe C:\Program Files\AIM\aim.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1AD3F52C-7314-8A06-928C-0958ED72FA56} - C:\WINDOWS\system32\cxnerel.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uedgsmvh.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {883860C1-79DA-49C9-8D12-25F7739E6BA6} - C:\WINDOWS\system32\xxwuu.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136767902\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjol.dll,startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common 
Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...86/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
#11
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {1AD3F52C-7314-8A06-928C-0958ED72FA56} - C:\WINDOWS\system32\cxnerel.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uedgsmvh.dll (file missing)
O2 - BHO: (no name) - {883860C1-79DA-49C9-8D12-25F7739E6BA6} - C:\WINDOWS\system32\xxwuu.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

Reboot.

Rescan with AVG and post the log along with a new HJT log.
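Editor's added example (not part of the thread, and not the helper's tooling): the fix list above was built by reading the O2/O3/O6/O20 entries by eye. The small Python triage below shows the same shape-based reading applied mechanically to HijackThis v1.99.1 log lines: it parses each entry into its section code and body, pulls out the CLSID where there is one, and flags three patterns a practitioner looks for first: entries whose file is gone ("(file missing)" / "(no file)"), unnamed BHOs loaded from system32, and an O6 Internet Explorer policy restriction. The sample log is constructed from entries in the shape seen on this page; the heuristics are assumptions of this example and deliberately produce review candidates rather than verdicts, so they flag more lines (the dangling O3 toolbar and the O20 WRNotifier entry) than the helper chose to list.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample input (not a full log): HijackThis v1.99.1 entry lines,
# one per line, in the "Oxx - <body>" shape the tool prints.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AD3F52C-7314-8A06-928C-0958ED72FA56} - C:\WINDOWS\system32\cxnerel.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uedgsmvh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {883860C1-79DA-49C9-8D12-25F7739E6BA6} - C:\WINDOWS\system32\xxwuu.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Section code (R0, O2, O4, ...), then " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# A registry CLSID in braces, as HJT prints it for BHOs and toolbars.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str
    reason: str
    clsid: Optional[str]
    line: str


def parse_entries(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, raw_line) for every line that is an HJT entry."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(text: str) -> List[Finding]:
    """Apply the three shape heuristics (assumed for this example) to a log."""
    findings: List[Finding] = []
    for section, body, raw in parse_entries(text):
        m = CLSID_RE.search(body)
        clsid = m.group(0) if m else None
        lower = body.lower()
        if "(file missing)" in lower or "(no file)" in lower:
            # Registry still references a load point whose file is gone.
            findings.append(Finding(section, "dangling reference: registry points at a file that no longer exists", clsid, raw))
        elif section == "O2" and "(no name)" in lower and "\\system32\\" in lower:
            # A BHO with no registered name living in system32 is worth a look;
            # well-known unnamed BHOs (e.g. Spybot's SDHelper) live under Program Files.
            findings.append(Finding(section, "unnamed BHO loaded from system32", clsid, raw))
        elif section == "O6" and "restrictions present" in lower:
            # Policy key that locks down the IE toolbar/options UI.
            findings.append(Finding(section, "IE policy restrictions set under HKCU\\Software\\Policies", clsid, raw))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """The entry lines to tick in HJT, deduplicated, in log order."""
    seen = set()
    out: List[str] = []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.section:4} {f.clsid or '-':40} {f.reason}")
```

Running it on the constructed sample prints one line per flagged entry; Adobe's named BHO, Spybot's unnamed-but-Program-Files BHO, the NvCpl rundll32 entry and the WgaLogon notify DLL pass through untouched, which is the point of keying on shape rather than on "(no name)" alone.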