Tech Support Guy banner
Cancel

Lop.AS need help to remove

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 9 of 9 Posts
L

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
I have attacked my hijackthis log file. Thanks in advance for your help.

litlwillie

Logfile of HijackThis v1.99.1
Scan saved at 5:30:15 AM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atievxx.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Palm\STPTRemote.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Palm\HOTSYNC.EXE
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\Downloaded Program Files\iSetup.exe
C:\WINDOWS\Downloaded Program Files\iSetup.exe
C:\Documents and Settings\David McDaniel\Desktop\Healing Software\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOWNLO~1\ANTI-S~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Phishing Inspector - {63D687A8-0913-49DE-9EAF-9ABF2D384BD6} - C:\Program Files\Phishing Inspector\Phishing Inspector\PhishingInspector.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - C:\WINDOWS\system32\cbxvvvw.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [AS00_Gear511] D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "D:\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Downloads\Anti - Spyware\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Phishing Inspector - {27D03A6F-EE46-4c0b-9DA1-FA847987EE4F} - C:\Program Files\Phishing Inspector\Phishing Inspector\PIDialog.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123565105290
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123565089607
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: cbxvvvw - C:\WINDOWS\SYSTEM32\cbxvvvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - D:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "D:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: RSLinx - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#2 ·
Hi and welcome :)

Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
 
L

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Did as you instructed but Lop.AS is still present. AGV found and deleated a temporary internet file ...\Content.IE5\HJ85k08A\Lo1\[1] on the last scan.

***** VundoFix File*****

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.9

Scan started at 12:14:23 AM 1/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\windph32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\windph32.dll
C:\WINDOWS\system32\windph32.dll Has been deleted!

Performing Repairs to the registry.
Done!

***** New HijackThis Log *****

Logfile of HijackThis v1.99.1
Scan saved at 5:13:45 AM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\atievxx.exe
D:\Palm\STPTRemote.exe
C:\Program Files\Apoint\Apntex.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Downloads\Anti - Spyware\Spybot\Spybot - Search & Destroy\TeaTimer.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David McDaniel\Desktop\Healing Software\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Phishing Inspector - {63D687A8-0913-49DE-9EAF-9ABF2D384BD6} - C:\Program Files\Phishing Inspector\Phishing Inspector\PhishingInspector.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - C:\WINDOWS\system32\cbxvvvw.dll
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [AS00_Gear511] D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [StartupDelayer] "D:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [Papirus Systray Resident] "D:\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Downloads\Anti - Spyware\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Phishing Inspector - {27D03A6F-EE46-4c0b-9DA1-FA847987EE4F} - C:\Program Files\Phishing Inspector\Phishing Inspector\PIDialog.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: cbxvvvw - C:\WINDOWS\SYSTEM32\cbxvvvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - D:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "D:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#4 ·
Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 
L

· Registered
Joined
·
5 Posts
Discussion Starter · #5 ·
New log files. Thanks for your continued help.

***** HIjackThis.log *****

Logfile of HijackThis v1.99.1
Scan saved at 2:18:11 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Apoint\Apntex.exe
D:\Palm\STPTRemote.exe
C:\WINDOWS\System32\atievxx.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Downloads\Anti - Spyware\Spybot\Spybot - Search & Destroy\TeaTimer.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David McDaniel\Desktop\Healing Software\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Phishing Inspector - {63D687A8-0913-49DE-9EAF-9ABF2D384BD6} - C:\Program Files\Phishing Inspector\Phishing Inspector\PhishingInspector.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - C:\WINDOWS\system32\cbxvvvw.dll (file missing)
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [AS00_Gear511] D:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [StartupDelayer] "D:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [Papirus Systray Resident] "D:\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Downloads\Anti - Spyware\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Phishing Inspector - {27D03A6F-EE46-4c0b-9DA1-FA847987EE4F} - C:\Program Files\Phishing Inspector\Phishing Inspector\PIDialog.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: cbxvvvw - cbxvvvw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - D:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "D:\Program Files\Freenet\wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

***** AVG Anti-Spyware - Scan Report *****

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:58:20 AM 1/17/2007

+ Scan result:

C:\Documents and Settings\David McDaniel\Desktop\Healing Software\backups\backup-20070110-044824-441.dll -> Adware.MaxSearch : Cleaned.
C:\Program Files\Common Files\{3087541E-03E8-1033-0224-020111220001}\Bar888.dll -> Adware.MaxSearch : Cleaned.
C:\SDFix\backups\backups.zip/backups/win15.tmp.exe -> Adware.MaxSearch : Cleaned.
C:\System Volume Information\_restore{B0BEA88A-6491-4653-8138-16C48361FE45}\RP437\A0123184.dll -> Adware.MaxSearch : Cleaned.
C:\System Volume Information\_restore{B0BEA88A-6491-4653-8138-16C48361FE45}\RP437\A0123211.dll -> Adware.MaxSearch : Cleaned.
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned.
C:\SDFix\backups\backups.zip/backups/win19.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored and added to exceptions
:mozilla.98:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.237:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.296:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.56:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.57:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.58:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.49:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.50:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.94:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.90:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.73:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.84:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.85:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.94:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.18:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.118:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.119:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.120:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.121:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.122:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.44:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.478:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.479:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.480:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.481:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.307:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.299:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.300:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.301:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.311:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.312:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.313:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.314:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.315:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.182:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.93:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.440:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.334:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.335:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.251:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.252:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.259:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.42:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.43:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.44:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.40:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.46:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.46:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.261:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.262:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.90:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.91:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.123:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.263:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.264:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.287:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.130:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.131:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.317:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.318:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.319:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.320:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.350:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.351:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.362:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.363:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.63:C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.

::Report end
 
L

· Registered
Joined
·
5 Posts
Discussion Starter · #6 ·
***** Panda Activescan Report *****

Incident Status Location

Adware:adware/popmonster Not disinfected C:\Documents and Settings\David McDaniel\Favorites\shopping\eBay.url
Adware:adware/whenusearch Not disinfected c:\program files\common files\WhenU
Adware:adware/beginto Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Firefox\Profiles\f8hgbki6.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David McDaniel\Application Data\Mozilla\Profiles\default\idhqp48y.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\David McDaniel\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David McDaniel\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3087541E-03E8-1033-0224-020111220001}\UnInstall.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:Trj/ConHook.AI Disinfected C:\WINDOWS\system32\iiffcyx.dll
Virus:Trj/Passtealer.AP Disinfected C:\WINDOWS\system32\vssms32.exe
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#7 ·
Download Combofix to your desktop:

* Double-click Combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse click Combofix's window while it's running. That may cause it to stall.
 
L

· Registered
Joined
·
5 Posts
Discussion Starter · #8 ·
Thank you for your continued help.

***** Combofix.txt*****

"David McDaniel" - 07-01-22 0:45:06 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\David McDaniel\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\unsvchosts.lzma
C:\INSTALL.LOG
C:\Program Files\Common Files\{30875~1

((((((((((((((((((((((((((((((( Files Created from 2006-12-22 to 2007-01-22 ))))))))))))))))))))))))))))))))))

2007-01-19 01:45 d-------- C:\Program Files\Common Files\Scanner
2007-01-19 01:38 d-------- C:\DOCUME~1\LOCALS~1\Application Data\McAfee.com Personal Firewall
2007-01-19 01:37 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-01-19 01:37 8,704 --a------ C:\WINDOWS\system32\MPFApi.dll
2007-01-19 01:37 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\mcafee.com personal firewall
2007-01-19 01:37 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\McAfee.com Personal Firewall
2007-01-19 01:35 d-------- C:\Program Files\CA
2007-01-19 01:33 8,448 --a------ C:\WINDOWS\system32\drivers\EntDrv51.sys
2007-01-19 01:32 41,018 --a------ C:\WINDOWS\system32\EntAPI.dll
2007-01-19 01:32 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-01-19 01:31 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-01-19 01:31 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-01-19 01:31 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-01-19 01:31 d-------- C:\Program Files\Common Files\McAfee
2007-01-19 01:30 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-19 01:30 d-------- C:\Program Files\mcafee.com
2007-01-19 01:30 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\AOL
2007-01-19 01:29 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-19 01:26 d-------- C:\Program Files\Common Files\aolshare
2007-01-19 01:26 d-------- C:\Program Files\Common Files\AOL
2007-01-19 01:25 d-------- C:\Program Files\AOL
2007-01-19 00:32 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-17 07:26 d-------- C:\WINDOWS\system32\ActiveScan
2007-01-17 01:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-16 04:58 d----c--- C:\VundoFix Backups
2007-01-13 13:19 d-------- C:\Program Files\ItsDeductible2006
2007-01-13 13:18 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-01-13 13:10 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\InstallShield
2007-01-10 04:01 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\r2 Studios
2007-01-10 04:01 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\r2 Studios
2007-01-10 03:50 d-------- C:\WINDOWS\ie7updates
2007-01-09 07:25 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\Uniblue
2007-01-08 04:37 d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-08 04:25 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\Lavasoft
2007-01-08 03:43 22,541 --ahs---- C:\WINDOWS\system32\iifgfdd.dll
2007-01-08 01:33 d----c--- C:\SDFix
2007-01-07 16:07 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\vlc
2007-01-06 17:39 dr--s---- C:\WINDOWS\assembly
2007-01-06 17:39 d-------- C:\WINDOWS\system32\URTTemp
2007-01-06 17:39 d-------- C:\WINDOWS\Microsoft.NET
2007-01-06 15:57 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-06 15:57 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-06 15:57 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-06 15:57 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-06 15:57 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-06 15:56 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-06 15:56 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-06 15:54 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-06 15:48 d-------- C:\Program Files\JL2005C
2006-12-29 08:10 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\apm
2006-12-26 00:52 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\PI
2006-12-26 00:48 d-------- C:\DOCUME~1\DAVIDM~1\Application Data\StumbleUpon

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-19 07:18 -------- d-------- C:\Program Files\movie maker
2007-01-19 05:22 560 --a------ C:\Program Files\global.sw
2007-01-18 01:01 -------- d-------- C:\Program Files\Common Files\opc foundation
2007-01-18 01:00 -------- d-------- C:\Program Files\apoint
2007-01-13 13:18 -------- d--h----- C:\Program Files\installshield installation information
2007-01-10 03:38 -------- d---s---- C:\DOCUME~1\DAVIDM~1\Application Data\microsoft
2007-01-08 05:45 -------- d-------- C:\Program Files\java
2007-01-08 03:39 -------- d-------- C:\DOCUME~1\DAVIDM~1\Application Data\simple sudoku
2006-12-31 12:48 -------- d-------- C:\Program Files\games
2006-12-21 01:16 -------- d-------- C:\DOCUME~1\DAVIDM~1\Application Data\adobeaum
2006-12-12 07:49 -------- d-------- C:\Program Files\support.com
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Start WingMan Profiler"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PRIVANAL"=""
"SpybotSD TeaTimer"="D:\\Downloads\\Anti - Spyware\\Spybot\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"AtiPTA"="Atiptaxx.exe"
"ZTgServerSwitch"="c:\\program files\\support.com\\client\\lserver\\server.vbs"
"MaxtorCombo"="\"C:\\PROGRA~1\\Dantz\\RETROS~1\\ComboButton.exe\""
"MXO Auto Loader"="C:\\WINDOWS\\MXOaldr.exe"
"AS00_Gear511"="D:\\Program Files\\NETGEAR\\WG511SCU\\Utility\\Gear511.exe -hide"
"AVG7_CC"="d:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="d:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"RegistryMechanic"=""
"StartupDelayer"="\"D:\\Program Files\\r2 Studios\\Startup Delayer\\Startup Launcher GUI.exe\""
"Papirus Systray Resident"="\"D:\\Palm\\STPTRemote.exe\""
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1169188035\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1169188035\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1169188035\\ee\\SSCRun.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B4A062B6-F310-475C-9483-FABA4F8300BF}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="d:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="d:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvvw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windph32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BAAD5DE5-8B1B-4567-9A6C-16837119B8A3}.job

Completion time: 07-01-22 0:52:02
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#9 ·
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\iifgfdd.dll
C:\Documents and Settings\David McDaniel\Favorites\shopping\eBay.url
C:\WINDOWS\system32\iiffcyx.dll
C:\WINDOWS\system32\vssms32.exe

Folders to delete:
c:\program files\common files\WhenU
C:\Program Files\Common Files\{3087541E-03E8-1033-0224-020111220001}
Click to expand...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
 
1 - 9 of 9 Posts
Status
Not open for further replies.
About this Discussion
8 Replies
2 Participants
Last post:
Cheeseball81
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top