
Registered · 10 Posts
Discussion Starter · #1 ·
It was suggested that I repost this over here...so apologies for a duplicate post in the other section.

I've had a few issues of late that I need assistance with. I noticed over the last week some odd happenings on my PC. Then AVG started picking up a few trojans:

Trojan Horse BackDoor.Agent.DEO c:\WINDOWS\SYSTEM32\Security.exe
Trojan Horse PSW.Generic2.TLV c:\WINDOWS\SYSTEM32\jbhook.dll

First problem I encountered was that I couldn't view any hidden files. I discovered this as I went to take a look at windows files. I couldn't get Explorer to change the settings from the views section. Oddly enough, I'd go in and both boxes were checked to keep hidden files hidden and keep them viewable. Very odd. So I went into the registry and manually changed the default settings so all would be viewable.

Then, the next day, my desktop icons disappeared. I have access to the start menu and toolbar and viewing the desktop through the explorer menus lets me see that all the programs are there, however they're hidden from view when I look directly at the desktop. It only shows my background image. I'm assuming this is a virus causing this and I'm relatively comfortable editing registry keys and using the windows tools but without knowing what virus this is specifically or what is causing this, editing is out of the question. I'm running a Dell Dimension Desktop unit with XP Pro as the OS.

The other issue that keeps popping up is that as I reboot, windows explorer opens to the svchost file.

Thoughts? Have you seen this before? Listed below is the HijackThis Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 3:08:22 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system32\system43.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\system32\system43.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - https://sametime.rccb.osis.gov/sametime/javaconnect/JavaConnect.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123456960121
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - https://sametime.rccb.osis.gov/sametime/javaconnect/InstallSTConnAgent.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
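The helpers on this board read logs like the one above by eye, looking for the same handful of tells every time. Here is an added example that is not part of this thread or of HijackThis itself: a Python script that applies those tells mechanically. It walks the "Running processes" block and the O4, O6, O23 and R1 entries, and flags names that impersonate Windows system binaries (a digit swapped for a letter, as in SVCH0ST.EXE, or a name one edit away from the real one once trailing digits are dropped, as in svhost32.exe), genuine system-binary names running from outside the Windows directory, O23 services with an unknown owner or a missing file, IE policy restrictions, and a non-Microsoft default search URL. The SYSTEM_BINARIES, SYSTEM_DIRS and HOMOGLYPHS tables are assumptions chosen for this example, and the sample log is a short excerpt of the lines posted above.

```python
"""Added triage helper for a HijackThis v1.99 log; this is not HijackThis code.
Flags process/autostart names that impersonate Windows system binaries
(digit-for-letter swaps such as SVCH0ST.EXE, or one edit away once trailing
digits are stripped, such as svhost32.exe), system-binary names running
outside C:\WINDOWS[\system32], O23 services with an unknown owner or missing
file, O6 IE policy restrictions and an R1 default-search hijack.
SYSTEM_BINARIES, SYSTEM_DIRS and HOMOGLYPHS are assumptions for this example."""
import re

SYSTEM_BINARIES = {"svchost", "winlogon", "lsass", "services", "smss", "csrss",
                   "explorer", "spoolsv", "ctfmon", "wuauclt"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance; names are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(path):
    """(directory, stem) of a Windows path, lower-cased, surrounding quotes removed."""
    path = path.strip().strip('"').lower()
    directory, _, filename = path.rpartition("\\")
    stem, dot, _ = filename.rpartition(".")
    return directory, stem if dot else filename


def impersonated_binary(stem):
    """System binary that `stem` imitates, or None if it is genuine or unrelated."""
    if stem in SYSTEM_BINARIES:
        return None
    norm = re.sub(r"\d+$", "", stem).translate(HOMOGLYPHS)  # svhost32 -> svhost, svch0st -> svchost
    for real in sorted(SYSTEM_BINARIES):
        if norm == real or edit_distance(norm, real) <= 1:
            return real
    return None


def check_binary(path, evidence, findings):
    directory, stem = split_path(path)
    real = impersonated_binary(stem)
    if real:
        findings.append({"rule": f"impersonates {real}.exe", "evidence": evidence})
    elif stem in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append({"rule": "system binary outside Windows directory", "evidence": evidence})


# O4 value: [name] "quoted path" args  |  [name] unquoted\path.exe args
O4_TARGET = re.compile(r'.*?\] (?:"([^"]+)"|(.*?\.exe))', re.IGNORECASE)


def check_entry(line, findings):
    code, _, rest = line.partition(" - ")
    if code == "O4":
        m = O4_TARGET.match(rest)
        if m:
            check_binary(m.group(1) or m.group(2), line, findings)
    elif code == "O23" and ("Unknown owner" in rest or "(file missing)" in rest):
        findings.append({"rule": "service with unknown owner or missing file", "evidence": line})
    elif code == "O6":
        findings.append({"rule": "IE policy restriction present", "evidence": line})
    elif code == "R1" and "Default_Search_URL" in rest and "microsoft.com" not in rest.lower():
        findings.append({"rule": "default search URL hijacked", "evidence": line})


def triage(log_text):
    """Return [{'rule', 'evidence'}, ...] for one HijackThis log."""
    findings, section = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("Running processes:"):
            section = "processes"
            continue
        if re.match(r"[RFNO]\d+ - ", line):   # R0-R3, F0-F3, N1-N4, O1-O24 entries
            section = "entries"
        if section == "processes":
            check_binary(line, line, findings)
        elif section == "entries":
            check_entry(line, findings)
    return findings


# Lines excerpted from the log posted above; the rest of that log is omitted.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system32\system43.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\system32\system43.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:45} {f['evidence']}")
```

Run it as-is to print the six findings for the excerpt, or hand a whole saved log to triage(). The name heuristics catch SVCH0ST.EXE and svhost32.exe (three hits between the process list and the O4 line) but say nothing about system43.exe or dxdlg32.exe, which is why the next step in this thread is still a scanner and a look at who signed the file, not an automatic fix.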
 

Retired Moderator · 84,301 Posts
Hi and welcome :)

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

Registered · 10 Posts
Discussion Starter · #3 ·
Ok...here's what we have now:

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 3:42:22 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - https://sametime.rccb.osis.gov/sametime/javaconnect/JavaConnect.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123456960121
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - https://sametime.rccb.osis.gov/sametime/javaconnect/InstallSTConnAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
 

Registered · 10 Posts
Discussion Starter · #4 ·
AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:35:53 AM 1/10/2007

+ Scan result:

C:\Documents and Settings\Todd\Local Settings\Temp\__unin__.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
HKLM\SOFTWARE\Classes\WinShow.ViewSource -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinShow.ViewSource.1 -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinShow.ViewSource\CLSID -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinShow.ViewSource\CurVer -> Adware.CoolWebSearch : No action taken.
HKU\S-1-5-21-1685927933-1582333133-359561344-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl -> Adware.P2PNet : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database\file-5001-1146228756.sig -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : No action taken.
C:\Program Files\PerfectNav -> Adware.PerfectNav : No action taken.
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : No action taken.
C:\RECYCLER\S-1-5-21-1685927933-1582333133-359561344-1006\Dc48.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP460\A0032713.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP460\A0032714.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032756.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032757.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032784.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032785.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032800.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032801.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032823.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032824.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032861.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032862.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032875.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032876.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032893.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032894.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032920.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032921.dll -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032934.exe -> Backdoor.Agent.ajq : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032935.dll -> Backdoor.Agent.ajq : No action taken.
C:\WINDOWS\SYSTEM32\userspi.dll -> Backdoor.Agent.ajq : No action taken.
C:\WINDOWS\SYSTEM32\winlogin.exe -> Backdoor.Agent.ajq : No action taken.
[1032] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : No action taken.
[828] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : No action taken.
[836] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : No action taken.
[944] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : No action taken.
[952] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected]e[1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.

Discussion Starter · #5 ·
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected]2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected]2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Paycounter : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected]da[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Trakkerd : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Xxxcounter : No action taken.
C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Xxxcounter : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Microsoft\svhost32.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP454\A0031501.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP455\A0031557.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP456\A0031582.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP457\A0031607.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP457\A0031626.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP458\A0031649.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP458\A0031686.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP459\A0031714.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP460\A0032715.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032758.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032786.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032802.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032825.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032863.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032877.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032895.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032922.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032936.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP461\A0032799.dll -> Trojan.Small.br : No action taken.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP462\A0032880.dll -> Trojan.Small.br : No action taken.
C:\WINDOWS\SYSTEM32\jbhook.dll -> Trojan.Small.br : No action taken.

::Report end

Discussion Starter · #6 ·
Panda

Incident Status Location

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f2587dd-1899e83b.zip[Mein.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f2587dd-1899e83b.zip[ProbeLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f2587dd-1899e83b.zip[Dummy.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f2587dd-1899e83b.zip[Beyond.class]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][4].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][7].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Todd\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Todd\Local Settings\Temp\Cookies\[email protected][1].txt
Virus:Trj/Downloader.LYW Disinfected C:\Documents and Settings\Todd\Local Settings\Temp\svchost.exe
Virus:Trj/Lineage.BXR Disinfected C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\DQSB1F1Y\jb[1].exe
Virus:Trj/Agent.DLW Disinfected C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\DQSB1F1Y\wwww[1].exe
Virus:Trj/Agent.DLW Disinfected C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\ELDERMT0\wwww[1].exe
Virus:Trj/Agent.DLW Disinfected C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\Q5CJI165\wwww[1].exe
Adware:adware/searchaid Not disinfected C:\WINDOWS\dict.dat
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
Virus:Trj/Lineage.BXR Disinfected C:\WINDOWS\SYSTEM32\dms.dll
Virus:Trj/Downloader.LYW Disinfected C:\WINDOWS\SYSTEM32\system43.exe
Virus:Trj/Lineage.BZM Disinfected C:\WINDOWS\SYSTEM32\userspi.dll

After everything has been cleaned/quarantined/wiped, it still boots without the desktop icons, yet they still show in the Desktop menu in Explorer.
 

Retired Moderator · 84,301 Posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
__________________________________________________________________________

Click Start | Settings | Control Panel
Click the Java Plugin Icon
Click the Cache tab
Click the Clear button and click OK to confirm
Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel.

or

Control Panel > Java > General tab
Temporary Internet Files > Delete Files
Checkmark all 3 options and click OK.
__________________________________________________________________________

Download Combofix to your desktop:

* Double-click Combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse click Combofix's window while it's running. That may cause it to stall.
 

Discussion Starter · #8 · Registered · 10 Posts
Here's the Log:

Todd - 07-01-10 16:23:49.81 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Todd\My Documents"

((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))

2007-01-10 05:44 d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-01-09 22:52 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-01-09 15:03 d-------- C:\Program Files\HijackThis
2007-01-09 13:56 d--h----- C:\WINDOWS\PIF
2007-01-03 19:32 2,560 -r-hs---- C:\WINDOWS\SYSTEM32\jbloader.dll
2007-01-03 19:31 190,464 -r-hs---- C:\WINDOWS\SYSTEM32\SVCH0ST.EXE
2006-12-25 17:36 d-------- C:\Program Files\Microsoft
2006-12-21 14:52 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-12-21 14:52 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-10 06:17 -------- d-------- C:\Program Files\WMP54GS Wireless Network Monitor
2007-01-10 06:15 -------- d-------- C:\Program Files\QuickTime
2007-01-10 06:11 -------- d-------- C:\Program Files\iTunes
2007-01-10 06:10 -------- d-------- C:\Program Files\Internet Explorer
2007-01-10 06:09 -------- d-------- C:\Program Files\Digital Line Detect
2007-01-10 06:04 -------- d-------- C:\Program Files\AIM95
2007-01-09 22:52 -------- d-------- C:\Program Files\Grisoft
2007-01-07 21:47 -------- d-------- C:\Documents and Settings\Todd\Application Data\AVG7
2006-12-29 00:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-21 14:52 816672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-12-21 14:52 4960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
2006-12-21 14:52 4224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-12-21 14:52 28416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-12-02 11:55 -------- d-------- C:\Program Files\Support.com
2006-11-26 20:04 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 14:44 -------- d-------- C:\Program Files\GenoPro
2006-11-24 14:43 -------- d-------- C:\Program Files\Family Tree Maker 16
2006-11-24 14:41 -------- d-------- C:\Documents and Settings\Todd\Application Data\MyFamily.com
2006-11-14 15:43 -------- d-------- C:\Program Files\Avid
2006-11-14 15:42 -------- d-------- C:\Program Files\Video Editing
2006-11-14 15:29 -------- d-------- C:\Documents and Settings\Todd\Application Data\Apple Computer

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AHQInit"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ms"="C:\\Program Files\\Microsoft\\svhost32.exe"
"DxDialog"="C:\\WINDOWS\\system32\\dxdlg32.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{55667788-ABCD-1234-5678-00C04FD8DBD8}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

Completion time: 07-01-10 16:25:16.68
C:\ComboFix.txt ... 07-01-10 16:25
 

Discussion Starter · #10 · Registered · 10 Posts
Sure:

Logfile of HijackThis v1.99.1
Scan saved at 4:52:44 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - https://sametime.rccb.osis.gov/sametime/javaconnect/JavaConnect.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123456960121
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - https://sametime.rccb.osis.gov/sametime/javaconnect/InstallSTConnAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
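Added example (not part of the thread and not code from any tool named in it): a small Python triage helper that does mechanically what a helper reading the "Running processes" list above does by eye, flagging core Windows binaries that run from an unexpected directory and names that only look like a system binary (a digit swapped for a letter, or a letter dropped). The process list inside the block is constructed for the example; the table of system binaries and their expected directories, the homoglyph substitutions, and the edit-distance threshold are assumptions about an XP-era layout, not facts from the logs.

```python
"""Flag process paths that impersonate Windows system binaries.

Heuristic triage for a plain list of process paths (one per line), such as
a HijackThis "Running processes" section.  Two checks:
  1. a known system binary name running outside its expected directory;
  2. a name within edit distance 1 of a system binary after normalising
     common digit-for-letter swaps and stripping trailing digits.
"""
import ntpath
import re

# Assumption: XP-era layout with %SystemRoot% = C:\WINDOWS.  Keys are
# lower-case file names, values the directory each is expected to run from.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}

# Digits commonly substituted for visually similar letters (assumed set).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by the usual two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(name: str) -> str:
    """Lower-case, drop .exe and trailing digits, undo homoglyph swaps."""
    base = name.lower()
    if base.endswith(".exe"):
        base = base[:-4]
    base = re.sub(r"\d+$", "", base)
    return base.translate(HOMOGLYPHS)


def classify(path: str):
    """Return ("ok", "") or ("suspicious", reason) for one process path."""
    directory, name = ntpath.split(path)
    directory, lname = directory.lower(), name.lower()
    if lname in SYSTEM_BINARIES:
        expected = SYSTEM_BINARIES[lname]
        if directory == expected:
            return "ok", ""
        return "suspicious", f"{name} running outside its expected directory {expected}"
    candidate = stem(lname)
    for legit in SYSTEM_BINARIES:
        if edit_distance(candidate, legit[:-4]) <= 1:
            return "suspicious", f"{name} is a lookalike of {legit}"
    return "ok", ""


def triage(process_list: str):
    """Return [(path, reason)] for every suspicious line in the list."""
    findings = []
    for line in process_list.splitlines():
        line = line.strip()
        if line:
            verdict, reason = classify(line)
            if verdict == "suspicious":
                findings.append((line, reason))
    return findings


# Constructed sample input modelled on the shape of a HijackThis process list.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Microsoft\svhost32.exe
C:\Documents and Settings\Todd\Local Settings\Temp\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_PROCESSES):
        print(f"{path}\n    -> {reason}")
```

The directory check is the stronger signal: a genuine `svchost.exe` has exactly one home, so any copy in a Temp folder deserves a look regardless of its name. The lookalike check is a heuristic and will occasionally flag a benign vendor binary whose short name happens to sit one edit away from a system name; treat its output as a queue for manual review, not as a verdict.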
 

Retired Moderator · 84,301 Posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\jbloader.dll
C:\WINDOWS\SYSTEM32\SVCH0ST.EXE
C:\WINDOWS\dict.dat
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\SYSTEM32\cd_clint.dll
C:\WINDOWS\SYSTEM32\dms.dll
C:\WINDOWS\SYSTEM32\system43.exe
C:\WINDOWS\SYSTEM32\userspi.dll
c:\WINDOWS\SYSTEM32\Security.exe
c:\WINDOWS\SYSTEM32\jbhook.dll

Folders to delete:
C:\WINDOWS\System32\P2P Networking
C:\Program Files\Microsoft

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

And post a new Hijack This log.
 

Discussion Starter · #12 · Registered · 10 Posts
Avenger Log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\emapplrh

*******************

Script file located at: \??\C:\WINDOWS\system32\scxlchcs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\jbloader.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\SVCH0ST.EXE deleted successfully.
File C:\WINDOWS\dict.dat deleted successfully.
File C:\WINDOWS\smdat32a.sys deleted successfully.
File C:\WINDOWS\SYSTEM32\cd_clint.dll deleted successfully.

File C:\WINDOWS\SYSTEM32\dms.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\dms.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\dms.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\system43.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\system43.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\system43.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\userspi.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\userspi.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\userspi.dll
Status: 0xc0000034

File c:\WINDOWS\SYSTEM32\Security.exe not found!
Deletion of file c:\WINDOWS\SYSTEM32\Security.exe failed!

Could not process line:
c:\WINDOWS\SYSTEM32\Security.exe
Status: 0xc0000034

File c:\WINDOWS\SYSTEM32\jbhook.dll deleted successfully.

Folder C:\WINDOWS\System32\P2P Networking not found!
Deletion of folder C:\WINDOWS\System32\P2P Networking failed!

Could not process line:
C:\WINDOWS\System32\P2P Networking
Status: 0xc0000034

Folder C:\Program Files\Microsoft deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 7:33:51 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - https://sametime.rccb.osis.gov/sametime/javaconnect/JavaConnect.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123456960121
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - https://sametime.rccb.osis.gov/sametime/javaconnect/InstallSTConnAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

I don't know if this helps, but the icons are still not showing on my desktop and when I went to take a look, the hidden files will not come up again. Both boxes are checked in Explorer. I got around this last time by manually editing the registry...
 

Retired Moderator
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe

O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)


Reboot, post a new log.
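The entries the moderator picks out share a few visible tells: a target that no longer exists ("(no file)", "(file missing)"), a service whose binary carries no publisher string ("Unknown owner"), an ActiveX download entry with no source URL, and a Run entry named after the Windows service host but living outside System32. The script below is an added example, not part of this thread and not a HijackThis feature: it turns those tells into Python heuristics and runs them over lines copied from the logs above (plus a few benign lines from the same logs as controls). The look-alike pattern and the search-host allowlist are my own assumptions, not rules HijackThis applies.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Sample HijackThis v1.99.1 lines.  The suspicious ones are copied from the
# logs in this thread; the AVG, ZoneAlarm and Windows Update lines are
# benign controls taken from the same logs.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
"""

Finding = namedtuple("Finding", "section reason line")

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Executables named after the Windows service host.  The only legitimate
# spelling is svchost.exe, and only under System32; svhost32.exe, scvhost.exe
# and friends are impostors.  (Assumption: this pattern is mine.)
LOOKALIKE_RE = re.compile(r"^s[cv]{1,2}host\d*\.exe$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
RUN_TARGET_RE = re.compile(r'\]\s+"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Hosts the stock IE search settings point to.  Assumption: a short allowlist
# is enough for this demonstration; anything else is surfaced for review.
DEFAULT_SEARCH_HOSTS = ("microsoft.com", "msn.com")


def _in_allowlist(host):
    return any(host == d or host.endswith("." + d) for d in DEFAULT_SEARCH_HOSTS)


def triage(log_text):
    """Return a Finding for every log line that trips one of the heuristics."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, "Running processes:" block, blank lines
        section, body = m.group("section"), m.group("body")

        # Rule 1 (any section): the entry points at something that no longer
        # exists.  Leftovers of removed or quarantined malware look like this.
        if any(marker in body for marker in MISSING_MARKERS):
            findings.append(Finding(section, "references a missing file", line))

        if section == "O23":
            # Rule 2: service binary carries no publisher string.
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[1].strip() == "Unknown owner":
                findings.append(Finding(section, "service binary has no publisher info", line))
        elif section == "O16":
            # Rule 3: ActiveX download entry with nothing after the dash.
            if re.search(r"\s-\s*$", body):
                findings.append(Finding(section, "ActiveX download entry has no source URL", line))
        elif section == "O4":
            # Rule 4: svchost look-alike, or svchost itself outside System32.
            t = RUN_TARGET_RE.search(body)
            if t:
                path = t.group("path")
                name = path.rsplit("\\", 1)[-1]
                if LOOKALIKE_RE.match(name) and not (
                        name.lower() == "svchost.exe" and SYSTEM32_RE.match(path)):
                    findings.append(Finding(section, "svchost look-alike outside System32", line))
        elif section in ("R0", "R1"):
            # Rule 5: IE start/search URL changed to a non-default host.
            url = body.split(" = ", 1)[-1].strip()
            host = urlsplit(url).hostname
            if host and not _in_allowlist(host):
                findings.append(Finding(section, "search/start URL points at non-default host", line))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print("%-4s %-45s %s" % (f.section, f.reason, f.line))


if __name__ == "__main__":
    main()
```

Every hit is a prompt for review, not a verdict. The WMP54GS wireless-adapter service is flagged only because HijackThis reports the quoted ImagePath as a missing file, and the moderator's dxdlg32.exe pick is not caught at all, because nothing in that line marks it as hostile. Heuristics like these shrink the list you have to read; they do not replace knowing what belongs on the machine.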
 

Discussion Starter · #14 ·
Logfile of HijackThis v1.99.1
Scan saved at 10:59:37 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - https://sametime.rccb.osis.gov/sametime/javaconnect/JavaConnect.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123457228605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123456960121
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - https://sametime.rccb.osis.gov/sametime/javaconnect/InstallSTConnAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
 

Discussion Starter · #16 ·
Desktop icons are back but I still can't see hidden Windows system files. I went into the registry manually and modified:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

and wiped the Hidden value, then created a new REG_DWORD named Hidden and set its value to 1, and this seems to work. Anything else I should be doing?

EDIT: After modifying the registry, I can see all the hidden files now. Not sure how long this will last though.
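The edit in the post above changes only the per-user Hidden value, and the doubt about how long it will last is reasonable. A common cause of the "both boxes checked" symptom is that the template values Folder Options compares against (CheckedValue and UncheckedValue under HKLM ...\Explorer\Advanced\Folder\Hidden\SHOWALL) were altered too, or that a value was recreated with the wrong registry type. The script below is an added example, not something posted in this thread: it audits the four values involved against the stock Windows XP settings as I know them (Hidden=1, ShowSuperHidden=1, CheckedValue=1, UncheckedValue=2; treat those as assumptions to confirm on a known-clean machine), reports anything missing, mis-typed or mis-set, and on Windows can write the corrections back with the standard winreg module. Off Windows it runs the audit against a constructed, tampered sample.

```python
import sys

# Where Explorer keeps the "Show hidden files and folders" state.  The HKCU
# values are the per-user choice; the HKLM SHOWALL key holds the template
# Folder Options compares against when it draws the radio buttons.
HKCU_ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HKLM_SHOWALL = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
                r"\Advanced\Folder\Hidden\SHOWALL")

# Registry type codes, spelled out so the audit logic also runs off Windows.
REG_SZ, REG_DWORD = 1, 4

# Stock Windows XP values with hidden and protected OS files visible.
# Assumption: verify these against a known-clean machine before relying on them.
EXPECTED = {
    ("HKCU", HKCU_ADVANCED, "Hidden"): 1,           # 1 = show, 2 = hide
    ("HKCU", HKCU_ADVANCED, "ShowSuperHidden"): 1,  # 1 = show protected OS files
    ("HKLM", HKLM_SHOWALL, "CheckedValue"): 1,      # what "Show hidden" writes
    ("HKLM", HKLM_SHOWALL, "UncheckedValue"): 2,    # what "Do not show" writes
}


def audit(current):
    """Compare observed values with EXPECTED.

    current maps (hive, subkey, name) -> (data, type_code), or None when the
    value is absent.  Returns a list of (key, problem, wanted_value); an
    empty list means the settings are intact.
    """
    problems = []
    for key, want in EXPECTED.items():
        observed = current.get(key)
        if observed is None:
            problems.append((key, "value missing", want))
            continue
        data, kind = observed
        if kind != REG_DWORD:
            # Same name, wrong type.  Explorer reads these as DWORDs, and a
            # string "1" under the same name is a known tampering pattern;
            # that is why deleting the value and recreating it as REG_DWORD
            # (as in the post above) works where editing the data did not.
            problems.append((key, "wrong type %d, expected REG_DWORD" % kind, want))
        elif data != want:
            problems.append((key, "data %r, expected %r" % (data, want), want))
    return problems


# Constructed sample of a tampered machine (not a dump from the thread):
# CheckedValue zeroed, Hidden recreated as a string, protected files hidden.
SAMPLE_TAMPERED = {
    ("HKCU", HKCU_ADVANCED, "Hidden"): ("1", REG_SZ),
    ("HKCU", HKCU_ADVANCED, "ShowSuperHidden"): (0, REG_DWORD),
    ("HKLM", HKLM_SHOWALL, "CheckedValue"): (0, REG_DWORD),
    ("HKLM", HKLM_SHOWALL, "UncheckedValue"): (2, REG_DWORD),
}


def read_current():
    """Read the four values from the live registry (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    current = {}
    for hive, subkey, name in EXPECTED:
        try:
            with winreg.OpenKey(hives[hive], subkey, 0, winreg.KEY_READ) as k:
                current[(hive, subkey, name)] = winreg.QueryValueEx(k, name)
        except OSError:
            current[(hive, subkey, name)] = None
    return current


def repair(problems):
    """Write the expected DWORDs back.  HKLM writes need an administrator account."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for (hive, subkey, name), _problem, want in problems:
        with winreg.CreateKeyEx(hives[hive], subkey, 0, winreg.KEY_SET_VALUE) as k:
            # SetValueEx replaces data and type together, so a mis-typed
            # value is corrected in place.
            winreg.SetValueEx(k, name, 0, winreg.REG_DWORD, want)


def main():
    if sys.platform == "win32":
        problems = audit(read_current())
        if problems and "--fix" in sys.argv:
            repair(problems)
    else:
        problems = audit(SAMPLE_TAMPERED)
    for (hive, subkey, name), problem, want in problems:
        print("%s\\%s\\%s: %s (want %d)" % (hive, subkey, name, problem, want))
    print("no problems found" if not problems else "%d problem(s)" % len(problems))


if __name__ == "__main__":
    main()
```

Run the audit, reboot, and run it again. If the values have been reset in between, whatever resets them is still installed and the registry edit is treating a symptom; that is the point at which to go back to the log and the fix-checked list rather than to the registry.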
 