Tech Support Guy

Post #1 · Discussion Starter · Registered · 54 Posts
I have also stupidly installed something called bitgrabber and am experiencing all sorts of pop-ups etc. Please could someone take a look for me... I would be chuffed if someone can help me!

Logfile of HijackThis v1.99.1
Scan saved at 19:36:40, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sistray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [01BowsNewOnline] C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
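As an added example that is not part of the original thread, the Python script below does by code the triage a helper does by eye on a log like the one above: it parses the O4 autorun and O23 service lines, extracts the executable each entry launches, and flags entries running from user-writable data directories (Documents and Settings, Application Data and their 8.3 short forms), which is where the greatbrowse01bows and Else plus files that AVG later quarantined in this thread were living. The sample lines are constructed in this log's format; the regexes and the `USER_WRITABLE` marker list are my own heuristic, not a HijackThis feature.

```python
"""HijackThis O4/O23 triage.  Added example, not code from the thread or from
HijackThis: parses the autorun (O4) and service (O23) lines, extracts the
executable each entry launches and flags the ones that run from user-writable
data directories, as the entries AVG later quarantined in this thread did."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of the log above (a few lines only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [01BowsNewOnline] C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r'(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s"]|$)', re.IGNORECASE)

# Directory markers (long and 8.3 short forms) a logged-on user can write to.
# Vendors install under Program Files or the Windows directory, so an autorun
# pointing here deserves a closer look.  Assumed heuristic, not a HijackThis rule.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\", "\\application data\\",
    "\\applic~1\\", "\\local settings\\", "\\locals~1\\", "\\temp\\",
    "\\users\\", "\\programdata\\",
)


@dataclass(frozen=True)
class Finding:
    section: str  # "O4" (autorun) or "O23" (service)
    name: str     # Run value name, shortcut name or service display name
    exe: str      # executable the entry launches
    level: str    # "high", "review" or "info"
    reason: str


def executable(cmd: str) -> str:
    """Return the program a Run/Service command line launches: quoted paths,
    unquoted paths with spaces ('play rdr.exe') and Rundll32-style launchers."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def classify(exe: str) -> Optional[Tuple[str, str]]:
    """Map an executable path to (level, reason); None when nothing stands out."""
    low = exe.lower()
    for marker in USER_WRITABLE:
        if marker in low:
            return "high", f"launches from user-writable location matching '{marker}'"
    if "\\" not in low:
        return "info", "bare filename, resolved through a PATH search at logon"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan the O4 and O23 lines of a HijackThis log; return entries worth a look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, m = "O4", RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            section, m = "O23", SERVICE_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        if cmd.strip() == "?":  # HijackThis could not resolve the shortcut target
            findings.append(Finding(section, name, "?", "review", "unresolved shortcut target"))
            continue
        exe = executable(cmd)
        verdict = classify(exe)
        if verdict:
            findings.append(Finding(section, name, exe, *verdict))
        if section == "O23" and "(file missing)" in line:
            # Worth checking, but often a display quirk for services whose ImagePath
            # carries an argument after the quoted binary, as with avast in this log.
            findings.append(Finding(section, name, exe, "review", "service binary reported missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section} {f.name!r}: {f.exe} -- {f.reason}")
```

Run against the full log, the "high" findings are the two entries to look at first; "info" entries (bare filenames such as SOUNDMAN.EXE) are normally vendor autoruns and only matter if the file on disk is not what its name suggests.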
 

Reply · Retired Moderator · 84,466 Posts
Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will run it in Safe Mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

Post #3 · Discussion Starter · Registered · 54 Posts
Hi there, here is the scan report from the AVG scan. For some reason I could not do a Panda scan... it would not complete the scan due to a Trojan horse?

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:56:36 15/01/2007

+ Scan result:

:mozilla.150:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.269:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.363:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.455:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.502:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.91:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.165:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.166:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.338:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.339:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.340:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.572:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.573:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.574:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.171:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.172:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.76:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.194:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.592:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.202:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.105:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.107:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.27:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.52:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.178:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.140:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.527:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.528:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.529:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.599:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.600:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.601:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.602:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.603:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.77:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.422:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.423:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.424:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.425:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.169:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned.
:mozilla.170:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned.
:mozilla.30:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\liz\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.357:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.358:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.359:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.367:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.371:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.372:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\liz\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.509:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.399:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.193:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.428:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.429:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.430:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.431:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.432:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.261:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.262:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.503:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.569:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.570:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.616:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.617:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.618:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.449:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.450:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.451:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.135:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.474:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.475:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.476:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.477:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.478:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.479:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.480:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.481:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.100:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.102:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\liz\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.112:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.113:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.114:C:\Documents and Settings\liz\Application Data\Mozilla\Firefox\Profiles\f7te3eew.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\liz\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\locksamen.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\Documents and Settings\liz\Application Data\Else plus\uxokrmaq.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\Documents and Settings\liz\Application Data\Else plus\wulnxmrk.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).

::Report end
 

Post #5 · Discussion Starter · Registered · 54 Posts
Hi there, here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 06:18:44, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [01BowsNewOnline] C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
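
The log above is the kind of thing the helpers in this thread read by eye. As an added example (my code, not HijackThis and not anything posted in the thread), here is a small parser for the O4 Run entries that applies the heuristic behind the two entries the helper singles out further down: an autorun whose executable lives in a user-writable profile location such as Application Data (or its 8.3 alias APPLIC~1) rather than under Program Files or the Windows directory deserves a closer look. The sample lines are constructed in the log's format; the marker list and the rule for pulling the executable path out of an unquoted command line are my own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in HijackThis O4 format, modelled on the log above
# (added example data, not a new log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [01BowsNewOnline] C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

# HijackThis "O4" registry Run entry: hive, value name in brackets, command line.
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Path fragments inside a user profile or the shared profile, i.e. locations an
# unprivileged process can write to. Long and 8.3 forms are both listed
# (assumed marker list, lower case because matching is case-insensitive).
PROFILE_MARKERS = (
    "\\application data\\",
    "\\applic~1\\",
    "\\local settings\\",
    "\\locals~1\\",
    "\\temp\\",
)


def executable_path(cmd: str) -> Optional[str]:
    """Pull the program path out of a Run command line.

    A quoted path is taken verbatim. An unquoted one is cut at the first
    executable-looking extension, so spaces inside the path ('play rdr.exe')
    survive while trailing switches such as '/background' are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = re.match(r"^(.*?\.(?:exe|dll|bat|cmd|scr|pif|com))(?:\s|$|,)", cmd, re.IGNORECASE)
    return m.group(1) if m else None


def parse_o4(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Parse every O4 Run entry in a HijackThis log into a dict."""
    entries: List[Dict[str, Optional[str]]] = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        entries.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "cmd": m.group("cmd"),
            "path": executable_path(m.group("cmd")),
        })
    return entries


def is_profile_path(path: Optional[str]) -> bool:
    """True when the executable lives under a user-writable profile location."""
    if not path:
        return False
    lowered = path.lower()
    return any(marker in lowered for marker in PROFILE_MARKERS)


def flag_profile_autoruns(log_text: str) -> List[str]:
    """Value names of Run entries that start a program from a profile directory."""
    return [e["name"] for e in parse_o4(log_text) if is_profile_path(e["path"])]


if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG):
        tag = "SUSPECT" if is_profile_path(entry["path"]) else "ok"
        print(f"{tag:8} {entry['hive']} [{entry['name']}] -> {entry['path']}")
```

Run on the constructed sample it flags exactly the two entries that the helper asks to have fixed; everything else in the log starts from Program Files, the Windows directory or an 8.3 alias of Program Files (PROGRA~1), which the markers deliberately do not match.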
 

· Retired Moderator · 84,466 Posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Documents and Settings\All Users\Application Data\greatbrowse01bows
C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O4 - HKLM\..\Run: [01BowsNewOnline] C:\Documents and Settings\All Users\Application Data\greatbrowse01bows\play rdr.exe

O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe


Reboot and post another Hijack This log please.
 

· Registered · 54 Posts · Discussion Starter · #7
Hi there
Did what you said, but I could only get as far as the first "Yes" at the end of stage 3. Then I get an error message:
"selected file does not appear to be a valid script"
Thanks for all your help so far by the way!
 

· Administrator · 124,729 Posts · Karen
Cheeseball81 is not available to continue this so I will be assisting.

Download and unzip the following to a new folder:
http://metallica.geekstogo.com/findlop.zip

Inside the folder locate findlop.bat

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.

Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"

cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt


Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.
 

· Registered · 54 Posts · Discussion Starter · #9
Hi cookiegal, here is what you asked me to do. I'm not sure how to do the first part so I'm not sure if it's right!! The 2nd part is also here.

thanks again

cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Documents and Settings\liz\Application Data

22/08/2006 12:47 <DIR> .
22/08/2006 12:47 <DIR> ..
19/10/2005 21:12 <DIR> IDENTI~1 Identities
19/10/2005 21:19 <DIR> SYMANTEC Symantec
22/08/2006 12:54 <DIR> GOOGLE Google
22/08/2006 21:14 <DIR> ADOBE Adobe
22/08/2006 21:15 <DIR> ADOBEUM AdobeUM
22/08/2006 21:41 <DIR> MSNINS~1 MSNInstaller
22/08/2006 22:09 <DIR> MOTIVE Motive
23/08/2006 09:02 <DIR> CYBERL~1 CyberLink
23/08/2006 09:08 <DIR> HELP Help
24/08/2006 11:21 <DIR> MACROM~1 Macromedia
26/08/2006 12:33 <DIR> SUN Sun
26/08/2006 16:18 <DIR> MOZILLA Mozilla
19/09/2006 19:36 <DIR> ZYLOM Zylom
30/09/2006 12:30 <DIR> REAL Real
11/10/2006 17:36 <DIR> DIVX DivX
21/10/2006 12:17 <DIR> LAVASOFT Lavasoft
03/11/2006 16:33 <DIR> VSO Vso
12/11/2006 15:22 <DIR> PANASO~1 Panasonic
12/11/2006 15:37 <DIR> ARCSOFT ArcSoft
30/11/2006 07:20 <DIR> PLAYFI~1 PlayFirst
30/11/2006 11:32 <DIR> BEEP Beep
27/12/2006 09:30 1,144 pcouffin.inf
27/12/2006 09:30 47,360 pcouffin.sys
27/12/2006 09:30 7,824 pcouffin.cat
27/12/2006 09:30 87,608 ezpinst.exe
27/12/2006 09:30 34 pcouffin.log
12/01/2007 18:16 <DIR> ELSEPL~1 Else plus
12/01/2007 18:17 <DIR> BITGRA~1 BitGrabber
5 File(s) 143,970 bytes
25 Dir(s) 29,870,227,456 bytes free
Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Documents and Settings\All Users\Application Data

15/06/2006 11:12 <DIR> .
15/06/2006 11:12 <DIR> ..
19/10/2005 21:15 <DIR> ADOBE Adobe
19/10/2005 21:19 <DIR> SYMANTEC Symantec
23/08/2006 08:49 <DIR> CYBERL~1 CyberLink
23/08/2006 13:14 <DIR> TRYMEDIA Trymedia
24/08/2006 18:07 <DIR> NTIDVD~1 NtiDvdCopy
25/08/2006 10:17 <DIR> WINDOW~1 Windows Genuine Advantage
26/08/2006 11:07 <DIR> BVRPSO~1 BVRP Software
16/09/2006 12:32 <DIR> GOOGLE Google
19/09/2006 19:36 <DIR> ZYLOM Zylom
24/09/2006 13:35 <DIR> SPYBOT~1 Spybot - Search & Destroy
28/10/2006 12:51 <DIR> MUMBOJ~1 MumboJumbo
12/11/2006 15:19 <DIR> QUICKT~1 QuickTime
01/12/2006 17:50 <DIR> SANDLO~1 Sandlot Games
12/01/2007 18:16 <DIR> GREATB~1 greatbrowse01bows
0 File(s) 0 bytes
16 Dir(s) 29,870,227,456 bytes free
Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Program Files

15/06/2006 11:12 <DIR> .
15/06/2006 11:12 <DIR> ..
19/10/2005 20:59 <DIR> COMMON~1 Common Files
19/10/2005 21:02 <DIR> WINDOW~1 Windows NT
19/10/2005 21:02 <DIR> MSN
19/10/2005 21:02 <DIR> MSNGAM~1 MSN Gaming Zone
19/10/2005 21:02 <DIR> MESSEN~1 Messenger
19/10/2005 21:03 <DIR> WINDOW~2 Windows Media Player
19/10/2005 21:03 <DIR> ONLINE~1 Online Services
19/10/2005 21:03 <DIR> COMPLU~1 ComPlus Applications
19/10/2005 21:03 <DIR> INTERN~1 Internet Explorer
19/10/2005 21:03 <DIR> OUTLOO~1 Outlook Express
19/10/2005 21:03 <DIR> NETMEE~1 NetMeeting
19/10/2005 21:03 <DIR> MOVIEM~1 Movie Maker
19/10/2005 21:05 <DIR> MICROS~1 microsoft frontpage
19/10/2005 21:05 <DIR> xerox
19/10/2005 21:11 <DIR> sisagp
19/10/2005 21:13 <DIR> REALTE~1 Realtek AC97
19/10/2005 21:15 <DIR> ADOBE Adobe
19/10/2005 21:17 <DIR> NEWTEC~1 NewTech Infosystems
19/10/2005 21:17 <DIR> CYBERL~1 CyberLink
22/08/2006 20:39 <DIR> SISLAN SiSLan
22/08/2006 12:48 <DIR> SISVGA~1.68 SiS VGA Utilities V3.68
22/08/2006 12:49 <DIR> JAVA Java
22/08/2006 12:54 <DIR> GOOGLE Google
22/08/2006 21:59 <DIR> BROADJ~1 BroadJump
22/08/2006 22:03 <DIR> MOTIVE Motive
22/08/2006 22:03 <DIR> ntl
23/08/2006 08:56 <DIR> DIVX DivX
24/08/2006 11:45 <DIR> SMARTD~1 SmartDVDCreator
25/08/2006 12:10 <DIR> AHEAD Ahead
25/08/2006 12:14 <DIR> POWERISO PowerISO
26/08/2006 11:02 <DIR> LEXMAR~1 Lexmark 1200 Series
26/08/2006 11:07 <DIR> FAXTOOLS FaxTools
26/08/2006 11:08 <DIR> ABBYYF~1.0SP ABBYY FineReader 5.0 Sprint
26/08/2006 11:08 <DIR> ABBYYF~1.0 ABBYY FineReader 6.0
26/08/2006 16:18 <DIR> MOZILL~1 Mozilla Firefox
04/09/2006 19:44 <DIR> QUICKT~1 QuickTime
24/09/2006 13:35 <DIR> SPYBOT~1 Spybot - Search & Destroy
14/10/2006 07:52 <DIR> WINRAR WinRAR
18/10/2006 16:33 <DIR> HIJACK~1 Hijackthis
21/10/2006 11:22 <DIR> ALWILS~1 Alwil Software
27/10/2006 16:22 <DIR> LAVASOFT Lavasoft
28/10/2006 12:51 <DIR> BFG
03/11/2006 16:33 <DIR> vso
12/11/2006 15:16 <DIR> ARCSOFT ArcSoft
12/11/2006 15:17 <DIR> PANASO~1 Panasonic
26/11/2006 09:42 3,681,648 BITCOM~1.EXE bitcomet_setup.exe
26/11/2006 09:57 <DIR> DOWNLO~1 Downloads
22/08/2006 21:18 <DIR> mess!!!
26/11/2006 10:44 197,233 RESTOR~1.EXE restoration.exe
30/11/2006 07:14 <DIR> SPONGE~1 SpongeBob SquarePants Diner Dash
30/11/2006 08:03 <DIR> LUXORM~1 Luxor Mahjong
02/12/2006 06:46 <DIR> ZONEAL~1 ZoneAlarm
02/12/2006 06:46 <DIR> TWEAKN~1 TweakNow RegCleaner Std
08/12/2006 16:29 <DIR> WINDOW~4 Windows Media Connect 2
09/01/2007 17:52 <DIR> TRYMEDIA TryMedia
15/01/2007 22:25 <DIR> GRISOFT Grisoft
20/01/2007 13:53 <DIR> BITCOMET BitComet
2 File(s) 3,878,881 bytes
57 Dir(s) 29,870,227,456 bytes free
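
The point of the dir /x listing above is that it pairs each 8.3 alias with its long name, so a path the HijackThis log shows only in short form (C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1) can be read as the real folder name (Else plus), and the dates show which folders appeared together. As an added example, not part of the thread or of any tool used in it, here is a parser for that output that builds the alias table, expands a short path through it, and lists every entry stamped with a given date (12/01/2007, which the three new folders in the listing share). The excerpt it parses is constructed from the listing above, trimmed and extended with a C:\ section and the profile-root sections the resolver needs; the rule for recognising an alias token (upper-case 8.3 shape followed by more text) is my assumption to cope with the column padding a forum paste loses.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of `dir /x` output in the shape direxie.bat produces,
# modelled on the user's listing (example data, not the original listing).
SAMPLE_DIR_OUTPUT = """
 Directory of C:\\

19/10/2005  20:59    <DIR>          DOCUME~1     Documents and Settings

 Directory of C:\\Documents and Settings

19/10/2005  21:12    <DIR>                       liz

 Directory of C:\\Documents and Settings\\liz

19/10/2005  21:12    <DIR>          APPLIC~1     Application Data

 Directory of C:\\Documents and Settings\\liz\\Application Data

22/08/2006  12:47    <DIR>                       .
22/08/2006  12:54    <DIR>          GOOGLE       Google
27/12/2006  09:30            47,360              pcouffin.sys
12/01/2007  18:16    <DIR>          ELSEPL~1     Else plus
12/01/2007  18:17    <DIR>          BITGRA~1     BitGrabber

 Directory of C:\\Documents and Settings\\All Users\\Application Data

24/09/2006  13:35    <DIR>          SPYBOT~1     Spybot - Search & Destroy
12/01/2007  18:16    <DIR>          GREATB~1     greatbrowse01bows
"""

HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
ENTRY = re.compile(r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+\d{2}:\d{2}\s+"
                   r"(?P<kind><DIR>|[\d,]+)\s+(?P<rest>.+?)\s*$")
# dir prints 8.3 aliases in upper case; this is the shape an alias token must have.
ALIAS = re.compile(r"[A-Z0-9~_!#$%&'()@^{}-]{1,8}(?:\.[A-Z0-9~_!#$%&'()@^{}-]{1,3})?")


@dataclass
class DirEntry:
    parent: str            # directory from the preceding 'Directory of' header
    date: str              # dd/mm/yyyy as printed
    is_dir: bool
    short: Optional[str]   # 8.3 alias, None when dir /x printed none
    long: str


def split_names(rest: str) -> Tuple[Optional[str], str]:
    """Split the name part of a dir /x line into (alias, long name).

    dir /x prints the alias only when it differs from the long name, so with the
    padding lost an alias is an upper-case 8.3 token followed by further text.
    """
    first, _, remainder = rest.partition(" ")
    if remainder.strip() and ALIAS.fullmatch(first):
        return first, remainder.strip()
    return None, rest


def parse_dir_x(output: str) -> List[DirEntry]:
    """Parse concatenated dir /x output into entries tagged with their parent."""
    entries: List[DirEntry] = []
    parent = ""
    for line in output.splitlines():
        h = HEADER.match(line)
        if h:
            parent = h.group("path").rstrip("\\")     # 'C:\' -> 'C:'
            continue
        m = ENTRY.match(line)
        if not m or m.group("rest") in (".", ".."):
            continue
        short, long = split_names(m.group("rest"))
        entries.append(DirEntry(parent, m.group("date"), m.group("kind") == "<DIR>", short, long))
    return entries


def short_name_table(entries: List[DirEntry]) -> Dict[Tuple[str, str], str]:
    """Map (parent, alias) -> long name; keys lower-cased for Windows-style matching."""
    return {(e.parent.lower(), e.short.lower()): e.long for e in entries if e.short}


def resolve_short_path(path: str, table: Dict[Tuple[str, str], str]) -> str:
    """Expand each 8.3 component of a backslash path; unknown components pass through."""
    parts = path.split("\\")
    current = parts[0]                                  # drive, e.g. 'C:'
    for comp in parts[1:]:
        current = current + "\\" + table.get((current.lower(), comp.lower()), comp)
    return current


def entries_dated(entries: List[DirEntry], date: str) -> List[str]:
    """Full paths of every entry stamped with the given dd/mm/yyyy date."""
    return [e.parent + "\\" + e.long for e in entries if e.date == date]


if __name__ == "__main__":
    found = parse_dir_x(SAMPLE_DIR_OUTPUT)
    print(resolve_short_path(r"C:\DOCUME~1\liz\APPLIC~1\ELSEPL~1\AXISNEW.exe", short_name_table(found)))
    for p in entries_dated(found, "12/01/2007"):
        print("dated 12/01/2007:", p)
```

Because the resolver walks the path one component at a time and looks each alias up under its own parent, it does not confuse two different folders that happen to share an alias in different directories (the listing above has WINDOW~1 in both All Users\Application Data and Program Files).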
 