Tech Support banner

Computer needs major help..

Jump to Latest Follow
Status
Not open for further replies.
1 - 6 of 6 Posts
S

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
I had an infected file pop up and I hit okay to delete it and then got another error saying they couldn't locate the file. I couldn't even manually find it. I found this site and followed to get hijackthis and here is my log. Please help!

Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 6:18:06 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\AOL\1168902454\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Common Files\AOL\1168902454\ee\SSCEvtHdlr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1168902454\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
c:\program files\common files\aol\1168902454\ee\anotify.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankofamerica.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {F32B2DE5-E0A6-79D6-7D65-EE0F72B0AACF} - WTFCTF.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysmon12] killall.exe
O4 - HKLM\..\Run: [SAPSTR] new32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168902454\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xsetup] nmdllw.exe
O4 - HKCU\..\Run: [SYSTRAV] SAPSTR.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{26178CF4-ECA2-4F62-9998-55D64389D86C}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{37252FDB-0242-4E4C-AD1F-EEC0B6C3EEA0}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{26178CF4-ECA2-4F62-9998-55D64389D86C}: NameServer = 85.255.116.82,85.255.112.235
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
tetonbob

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
#2 ·
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

This is but Round 1 of what could be several posts. Plese be sure to follow up until you're given the all clear.

---------------------------------------------------------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):


R3 - URLSearchHook: (no name) - {F32B2DE5-E0A6-79D6-7D65-EE0F72B0AACF} - WTFCTF.dll (file missing)
O4 - HKLM\..\Run: [sysmon12] killall.exe
O4 - HKLM\..\Run: [SAPSTR] new32.exe
O4 - HKCU\..\Run: [xsetup] nmdllw.exe
O4 - HKCU\..\Run: [SYSTRAV] SAPSTR.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26178CF4-ECA2-4F62-9998-55D64389D86C}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{37252FDB-0242-4E4C-AD1F-EEC0B6C3EEA0}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{26178CF4-ECA2-4F62-9998-55D64389D86C}: NameServer = 85.255.116.82,85.255.112.235


Click FIX CHECKED. Close HijackThis.

Delete these files if they still exist:

C:\Windows\System32\killall.exe
C:\Windows\System32\new32.exe
C:\Windows\System32\nmdllw.exe
C:\Windows\System32\SAPSTR.exe

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.
----------------------------------------------------------------------------------------------------------
 
S

·
Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
New logs

Thank you for the help! Here are my new logs..


Fixwareout
Last edited 1/14/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\system32\dmfhz.exe will be moved to C:\WINDOWS\temp\dmfhz.ren at reboot.
C:\WINDOWS\system32\csuvg.exe will be moved to C:\WINDOWS\temp\csuvg.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "dpid"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "pid"
...
Random Runs removed from HKLM
"dmfhz.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»











Logfile of HijackThis v1.99.1
Scan saved at 10:27:34 PM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1168902454\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1168902454\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1168902454\ee\SSCEvtHdlr.exe
c:\program files\common files\aol\1168902454\ee\anotify.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankofamerica.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankofamerica.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168902454\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1168902454\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
tetonbob

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
#4 ·
Good work! Please perform this general system scan and cleaning to see if anything else is lurking.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

AVG Anti-Spyware
Panda
HJT

How is your system behaving now, please?
 
S

·
Registered
Joined
·
3 Posts
Discussion Starter · #5 ·
New logs

Here are my new logs. The only one not here is the Panda one b/c it didn't find anything.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:52:21 AM 1/24/2007

+ Scan result:



C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097090.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097088.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP257\A0072056.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP257\A0072057.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP257\A0072058.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP257\A0072059.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP260\A0095984.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097089.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP203\A0052556.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP203\A0052583.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP204\A0052626.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP204\A0052659.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP204\A0052664.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP204\A0053664.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP205\A0053708.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP205\A0053722.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP205\A0053728.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP205\A0053742.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP206\A0053760.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP206\A0053776.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP206\A0053781.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP207\A0053799.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP207\A0053819.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP207\A0054818.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP207\A0054828.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP207\A0054833.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP208\A0054850.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP208\A0054867.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP208\A0054881.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP208\A0055881.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP208\A0055897.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP209\A0055913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP209\A0055925.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP209\A0055939.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP209\A0055953.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP210\A0055969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP211\A0055985.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP211\A0055997.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP211\A0056003.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056019.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056033.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056045.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056061.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056066.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056080.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056094.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP212\A0056100.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP213\A0056115.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP214\A0056132.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP214\A0056145.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP216\A0056162.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP216\A0056179.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP217\A0056194.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP217\A0056208.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP217\A0056218.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP217\A0056231.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP218\A0056246.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP218\A0056266.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP218\A0056277.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP218\A0056290.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP219\A0056296.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP219\A0056311.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP220\A0056386.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP220\A0056408.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP220\A0056419.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP220\A0056431.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP221\A0056446.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP221\A0056453.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP222\A0056488.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP223\A0056535.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP223\A0056556.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP224\A0056584.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP225\A0056625.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP226\A0056654.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP226\A0056669.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP227\A0056684.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP227\A0056710.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP227\A0056731.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP228\A0056765.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP229\A0056780.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP229\A0056797.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP229\A0056810.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP230\A0056826.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP231\A0056924.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP231\A0056956.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP231\A0056986.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP231\A0056990.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP231\A0057009.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP233\A0058003.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP234\A0058027.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP234\A0058033.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP238\A0058063.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP238\A0058078.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP239\A0058118.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP239\A0058136.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP240\A0058167.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP240\A0058188.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP240\A0058200.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP240\A0059199.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP241\A0059232.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP241\A0059257.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP241\A0059269.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP242\A0059288.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP242\A0059306.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP243\A0059319.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP243\A0060318.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP243\A0060333.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP243\A0061332.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0061354.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0062356.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0063356.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0063370.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0063385.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0063398.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0064397.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0065398.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP244\A0065414.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP245\A0065427.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP246\A0065447.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP246\A0065472.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP247\A0065502.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP247\A0066502.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP248\A0066527.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP248\A0067529.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP248\A0067541.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP248\A0068541.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP248\A0068552.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP249\A0068566.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP249\A0069566.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069583.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069597.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069609.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069615.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069631.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069643.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069656.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP250\A0069670.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0070669.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0070684.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0070690.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0071689.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0071704.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP251\A0071726.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP252\A0071740.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP253\A0071777.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP254\A0071877.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP254\A0071890.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP255\A0071920.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP255\A0071928.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP255\A0071943.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP255\A0071959.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP256\A0071988.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0075793.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0075877.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0076875.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0076892.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0076906.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0077904.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0077911.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0078913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0079911.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0080911.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0080923.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0080933.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0081933.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0081950.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0082950.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0083952.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0084952.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0085952.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0086952.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0086967.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0087965.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0088967.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0089965.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0090965.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0091964.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0091969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0092969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0093969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0094969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP259\A0095969.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP260\A0096971.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP261\A0097022.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP262\A0097048.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097065.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097070.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097086.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097111.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP263\A0097110.exe -> Trojan.Favadd.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8708D82E-02DF-4D9C-9FCB-FCE134E38AC6}\RP258\A0075821.exe -> Trojan.Qhost.df : Cleaned with backup (quarantined).


::Report end










Logfile of HijackThis v1.99.1
Scan saved at 12:58:56 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1168902454\ee\SSCEvtHdlr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\AOL\1168902454\ee\aolsoftware.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Common Files\AOL\1168902454\ee\aolsoftware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\program files\common files\aol\1168902454\ee\anotify.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankofamerica.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankofamerica.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168902454\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1168902454\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1168902454\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe








Last night after I was done doing the first set of instructions, I hit the shutdown button and then got an error saying something about mcafee finding something that needed to be fixed right away. I don't know the exact words b/c the computer was in the process of shutting down so it went away and I haven't seen the error again. Actually, I have the aol safety and security center on here, and I know the old one was called mcafee, but it normally doesn't call it by that name now so I'm a bit confused about even having mcafee on this computer to begin with. Anyway, this is my fiances laptop and he said he can already see an improvement on how it's acting. I hope after all the new stuff I just did that it gets even better. Thanks again for all your help!
 
tetonbob

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
#6 ·
Looking much better....we have a bit more work to do.

---------------------------------------------------------------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Can't say what McAfee found, without knowing the exact message. As long as it's not continuous, let's say that it was doing it's job, and that's not an issue. If it occurs again, try to note the exact message.

Don't know much about AOL, but I know for a time they were using McAfee as their branded Anti-Virus.

Even though Panda found nothing, I'd like you to run this online scan also. It uses different heuristic detections, and may find something Panda did not.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
        [*]Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save Report As button.
  • Select txt file from the dropdown menu, to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------
 
1 - 6 of 6 Posts
Status
Not open for further replies.
About this Discussion
5 Replies
2 Participants
Last post:
tetonbob
Tech Support
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Recommended Communities
Community avatar for Next Generation Emulation
Next Generation Emulation
509K+ members
Community avatar for Toyota Nation Forum
Toyota Nation Forum
477K+ members
Community avatar for Mercedes Benz ESprinter Forum
Mercedes Benz ESprinter Forum
NEW!
10+ members
Top