MontanaMenagerie - View topic - my Hijack log
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
my Hijack log
also Activescan



Incident Status Location

Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\restart.exe
Virus:Generic Malware Disinfected C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:W32/Spybot.FG.worm Disinfected news.cable.ntlworld.com\3b.misc\Christina Aguilera nipple showing\Christina_Aguilera.scr

My PC has been playing up. Sometimes when I log on, it freezes, then shuts down and starts up by itself. And if I leave my PC on standby, when I come back it can't find the web page, so I have to restart it all over again, which is a pain because I do a lot of PSP.

Thank you, Carol


Thu Jan 03, 2008 6:20 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Hi Carol. Sorry for the delay in response, I have been tied up and took a day away from my forum work.

First, please get rid of the version of HijackThis you have. It is not current. Next, delete the Smitfraud tool you have on your desktop. Then do this please:

If you haven't already, please get these programs, update them and run a complete scan, removing all items found.
Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

AVG AntiSpyware. Be sure to "take action".

Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program: HijackThis!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.


_________________
~Betrayal is the only truth that sticks.~ Arthur Miller
Donating any amount helps keep this site alive.


Last edited by JeanInMontana on Fri Jan 04, 2008 2:22 pm, edited 1 time in total.

Fri Jan 04, 2008 11:24 am
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Hi Jean.

I got rid of what you told me to: the Smitfraud tool and also HijackThis... as you said, mine wasn't a current one? But where do I find HijackThis to download?

Thanks, Carol


Fri Jan 04, 2008 1:20 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
All links to all requested actions are in my post Carol. All you have to do is click on the links and do the scans etc. Sorry I see there was an error in the post, I have corrected it.



Fri Jan 04, 2008 2:20 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
[image: screenshot of the AVG scan result]

Here is the AVG scan; it found nothing.


Fri Jan 04, 2008 5:39 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Incident Status Location

Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CAREY\Cookies\carey@ad.yieldmanager[1].txt
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
my Adware scan


Fri Jan 04, 2008 6:49 pm
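The two Panda ActiveScan reports in this thread use the same one-line-per-incident format ("category:detection status location"), and the useful question for whoever is helping is which items survived between scans, which appeared, and which went away. The following Python script is an added example, not code from the thread or from Panda: it parses that format, classifies each location (registry key, file inside a container such as RESTORE.INS[...], or plain file) and compares two reports. The sample lists reproduce Carol's two reports as constructed input (the newsgroup screensaver path is shortened); the regex and the location classification are my own assumptions about the format, not Panda's documented grammar.

```python
import re

# Constructed samples: the two Panda ActiveScan "Incident Status Location"
# reports pasted into the thread, reproduced as lists of lines so the
# comparison runs offline (the newsgroup screensaver path is shortened).
FIRST_SCAN = [
    r"Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho",
    r"Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils",
    r"Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}",
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\Process.exe",
    r"Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\Reboot.exe",
    r"Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\CAREY\Desktop\SmitfraudFix\restart.exe",
    r"Virus:Generic Malware Disinfected C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL",
    r"Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]",
    r"Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]",
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe",
    r"Virus:W32/Spybot.FG.worm Disinfected news.cable.ntlworld.com\3b.misc\attachment.scr",
]
SECOND_SCAN = [
    r"Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho",
    r"Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils",
    r"Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}",
    r"Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CAREY\Cookies\carey@ad.yieldmanager[1].txt",
    r"Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]",
    r"Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]",
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe",
]

# One report line is "<category>:<detection> <status> <location>". Both the
# category and the detection name may contain spaces, so the status keyword
# is used as the anchor. (Assumed grammar, inferred from the pasted reports.)
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<detection>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<location>.+)$"
)


def classify_location(location):
    """Registry key, file inside a container (e.g. RESTORE.INS[...]) or plain file."""
    loc = location.lower()
    if loc.startswith("hkey_"):
        return "registry"
    if "[" in loc and loc.endswith("]"):
        return "archive-member"
    return "file"


def parse_report(lines):
    """Parse report lines into dicts; lines that do not fit the format are skipped."""
    incidents = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["kind"] = classify_location(rec["location"])
        incidents.append(rec)
    return incidents


def incident_key(rec):
    # Same detection at the same location counts as the same incident,
    # regardless of case differences between runs.
    return (rec["detection"].lower(), rec["location"].lower())


def compare_scans(before, after):
    """Report what persisted undisinfected, what appeared, and what went away."""
    old = {incident_key(r): r for r in parse_report(before)}
    new = {incident_key(r): r for r in parse_report(after)}
    return {
        "persistent": [r for k, r in new.items() if k in old and r["status"] == "Not disinfected"],
        "new": [r for k, r in new.items() if k not in old],
        "gone": [r for k, r in old.items() if k not in new],
    }


if __name__ == "__main__":
    diff = compare_scans(FIRST_SCAN, SECOND_SCAN)
    for bucket, records in diff.items():
        print(f"{bucket}: {len(records)}")
        for r in records:
            print(f"  [{r['kind']}] {r['detection']} -> {r['location']}")
```

Run it and the "persistent" bucket is the list that still needs attention (here the hosts file BHO, the SBUtils folder, the MyWay toolbar key, and the items inside RESTORE.INS); the "gone" bucket is mostly the SmitfraudFix tools Jean asked Carol to delete, which is why they no longer show up rather than because anything was cleaned.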
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:26, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3398516097-683897620-991319064-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7546 bytes


Jean, I see in this HijackThis log above: O4 Global Startup PalTalk and O16 DPF www.incredigames.com. I no longer have them on my PC; I got rid of them ages ago?

Thank you, Carol


Fri Jan 04, 2008 7:18 pm
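A HijackThis log like the one above is only useful once someone reads it entry by entry, and Carol's question (why do PalTalk and incredigames.com still appear?) is exactly the kind of thing a reviewer checks. The following Python script is an added example, not code from the thread or from Trend Micro's HijackThis. It parses the `R`/`O` lines into entries and applies a few review heuristics a helper would use: registry entries pointing at `(no file)`, O16 DPF controls fetched from a web site, O23 services with an empty publisher string, and all-user Startup-folder items. The sample lines are copied from Carol's log as constructed input; the parsing rules and the heuristics are my own assumptions about the format, not HijackThis's documented grammar, and a flag means "look at this", not "this is malware".

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines in HijackThis v2 log format, copied from the
# thread's log and chosen so that every review rule below fires at least once.
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe",
    r"O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe",
    r"O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab",
    r"O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll",
    r"O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
    r"O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe",
])

# Every entry starts with a section code such as R1, O4 or O23 (assumed format).
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str
    body: str
    target: str = ""   # file path, URL or "(no file)" the entry points at
    company: str = ""  # publisher string; O23 service lines only


def parse_hjt(text):
    """Split a HijackThis log into entries; non-entry lines (process list, header) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m.group("code"), m.group("body"))
        body = e.body
        if e.code == "O4":
            # Run keys: "[Name] command"; Startup folders: "Shortcut.lnk = target"
            if "] " in body:
                e.target = body.split("] ", 1)[1]
            elif " = " in body:
                e.target = body.split(" = ", 1)[1]
        elif e.code == "O23":
            # "Service: Name (Short) - Company - path". Split from the right so a
            # " - " inside the service name does not confuse things, and cope with
            # an empty company ("... - - path", possibly collapsed to one space).
            head, _, path = body.rpartition(" - ")
            name, _, company = head.rpartition(" - ")
            if not name:          # only one separator found: company is empty
                company = ""
            e.company = company.strip(" -")
            e.target = path.strip()
        elif " - " in body:
            # BHOs, URLSearchHooks, DPF controls, buttons: the target is the last field
            e.target = body.rsplit(" - ", 1)[1].strip()
        entries.append(e)
    return entries


def summarize(entries):
    """Count entries per section code."""
    return Counter(e.code for e in entries)


def triage(entries):
    """Review prompts for whoever reads the log; heuristics, not verdicts."""
    findings = []
    for e in entries:
        if e.target == "(no file)":
            findings.append((e.code, "orphaned: registry points at a file that no longer exists", e.body))
        if e.code == "O16" and e.target.lower().startswith(("http://", "https://")):
            findings.append((e.code, "ActiveX control installed from a web site; confirm the site is one the user trusts", e.body))
        if e.code == "O23" and not e.company:
            findings.append((e.code, "service with no publisher string; check the binary's origin and signature", e.body))
        if e.code == "O4" and e.body.startswith("Global Startup:"):
            findings.append((e.code, "starts for every account; confirm the target is still installed and wanted", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(summarize(parsed)))
    for code, reason, body in triage(parsed):
        print(f"{code}: {reason}\n    {body}")
```

On Carol's full log the same rules would single out the Yahoo! Toolbar hook with no file behind it, the PalTalk shortcut in the all-users Startup folder, the DPF controls downloaded from external sites, and the SmartLink service that reports no publisher; the Global Startup shortcut explains why PalTalk still shows up after the program was uninstalled, since the .lnk file is left behind and only the shortcut needs removing.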
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Carol, I need a log from the program here: http://free.grisoft.com/doc/28415/lng/us/tpl/v5. You posted a picture of your antivirus. I want you to get the anti-spyware program, update it and run a full system scan, and post the log. Be sure you set it to remove or take action on everything it finds. Post that log and a new HJT please.



Sat Jan 05, 2008 3:25 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
[image: screenshot of the first AVG Anti-Spyware scan]



Hi Jean. I did a scan with AVG Anti-Spyware. Not having used it before, I didn't know how to use it. I put it in quarantine, but when I looked later it wasn't there? So I did a 2nd scan; will post that next. In the 2nd scan it shows it is in quarantine? I even did a 3rd scan, found nothing... all OK. So I hope I got rid of it.

Thanks, Carol


Sun Jan 06, 2008 11:03 am
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
[image: screenshot of the second AVG Anti-Spyware scan]

2nd scan


Sun Jan 06, 2008 11:04 am
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Carol pictures are not logs. Please follow these instructions below very carefully, and post the log from AVG Antispyware, not a picture of any program.



* Click the Update icon at the top and under Manual Update click the Start update button.
* The program will either update or inform you that no update was available.
* It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here Manual Update (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database). Then delete the installer from your desktop.

Please set up the program as follows:

* Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
* Click the Update icon and untick the automatic update option.
* Click on Scanner on the toolbar.
* Click on the Settings tab.
o Under How to act? - make sure that Quarantine is selected.
o Under How to scan? - All checkboxes should be ticked.
o Under Possibly unwanted software - All checkboxes should be ticked.
o Under Reports - Select Do not automatically generate reports.
o Under What to scan? - Select Scan every file.

Close all open windows.


Reboot your computer into SafeMode
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.


IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:

* Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
* AVG will now begin the scanning process; be patient, this may take a little time.
* Let the program scan your computer.
* When the scan has finished, follow the instructions below:
* Make sure that Set all elements to: shows Quarantine
* Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
* When the program has finished, it will display the message All actions have been applied.
* Then click the Save Scan Report button.
* Click the Save Report as button.
* Save the report to your Desktop.

* Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
* Reboot in normal mode and copy the report back to this topic along with a new HijackThis log.

Restart your computer in normal mode.



Sun Jan 06, 2008 2:36 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Hi Jean. I'm sorry about the above. I will do as you said above when I can get my PC to come back on. After I sent you the logs, I left my PC on standby. When I came back, nothing would come on screen. I could hear it start up... I pressed F8, nothing... been trying for ages. I only have one modem, so I am using it on this new laptop [Windows Vista].
Even this is driving me mad... the cursor is jumping all over the page... it can be at the top or middle... not where I want it. It's taking me ages to even write this.
I even think of throwing this laptop out the window... Carol


Sun Jan 06, 2008 3:13 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Just reboot in normal then Carol and run the scan that way. If you can. It doesn't have to be in safe mode.



Sun Jan 06, 2008 11:37 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:45:44 08/01/2008

+ Scan result:



Nothing found.



::Report end

Sorry it took so long; the PC froze a few times while doing the scan. The first time I touched the mouse, it froze; the 2nd time I touched nothing. Will post the HijackThis log next. Jean, I was watching what it scanned, and Norton came up... not had that on the PC since 2005. And AOL... I used to have that on my PC way back in 2003 or 2004. I thought I took it all off my PC... took it off when I got broadband.
Thank you for all your help,
Carol


Tue Jan 08, 2008 3:59 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:07, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7663 bytes


Tue Jan 08, 2008 4:02 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
I just can't believe there wasn't at least one tracking cookie on the machine. I don't think you got the whole log or else it didn't actually complete the scan. With it freezing this could be the case. Let's do this Carol:

1. Download this file :
http://download.bleepingcomputer.com/sUBs/combofix.exe

Or from here:

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe. It will be a red icon with a white X on your desktop.
Follow the prompts. You will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.

3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

Post that log and a HiJack log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Full instructions with pictures on how to run this program if needed are here http://www.bleepingcomputer.com/combofi ... e-combofix



Wed Jan 09, 2008 1:11 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Hi Jean. I think my PC is very sick now. It took me ages to get it to start up, and when Windows started up there was this loud whistling sound. OMG.
I tried again and the same thing happened.


Wed Jan 09, 2008 1:17 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
That sounds like more than malware Carol. I don't know what to think about whistles. Will it boot at all?



Wed Jan 09, 2008 1:19 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Jean, after a long time I got online... I clicked on the 1st one above; it said webpage cannot be found. 2nd one... 404 not found...??


Wed Jan 09, 2008 2:51 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
ComboFix 08-01-10.2 - CAREY 2008-01-09 22:03:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.196 [GMT 0:00]
Running from: C:\Documents and Settings\CAREY\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\CAREY\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\CAREY\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\CAREY\Application Data\macromedia\Flash Player\#SharedObjects\S2EKHLD9\iforex.com
C:\Documents and Settings\CAREY\Application Data\macromedia\Flash Player\#SharedObjects\S2EKHLD9\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\CAREY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\CAREY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\CAREY\err.log
C:\WA6P
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-09 21:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 01:22 . 2008-01-06 01:22 <DIR> d-------- C:\Documents and Settings\CAREY\Application Data\Grisoft
2008-01-06 01:21 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 00:58 . 2008-01-05 01:00 396,288 --a------ C:\HijackThis.exe
2008-01-05 00:56 . 2008-01-05 00:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 22:18 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\toydxrcnwehd.sys
2008-01-03 21:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-03 21:17 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\tdxhncspnnaa.sys
2008-01-03 20:55 . 2008-01-05 00:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-03 20:55 . 2008-01-04 21:53 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-03 20:55 . 2008-01-04 21:53 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-03 20:55 . 2008-01-04 21:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 22:44 . 2007-12-29 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:44 --------- d-----w C:\Documents and Settings\CAREY\Application Data\AVG7
2008-01-06 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 23:48 --------- d-----w C:\Program Files\QuickTime
2008-01-04 23:48 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 22:44 --------- d-----w C:\Program Files\Family Tree Maker 2005
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-24 15:43 191,864 ----a-w C:\Documents and Settings\CAREY\Application Data\GDIPFONTCACHEV1.DAT
2006-12-03 12:26 49 ----a-w C:\Documents and Settings\CAREY\Application Data\internaldb41.dat
2006-12-03 12:26 382 ----a-w C:\Documents and Settings\CAREY\Application Data\internaldb1942.dat
2006-12-02 22:10 69,632 ----a-w C:\Documents and Settings\CAREY\Application Data\internaldb4827.dat
2006-12-02 22:10 151 ----a-w C:\Documents and Settings\CAREY\Application Data\internaldb8253.dat
2006-12-02 22:10 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb5160.dat
2006-11-25 12:43 0 -c--a-w C:\Program Files\Common Files\err.log
2006-11-18 09:54 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb6359.dat
2006-11-16 19:52 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb5436.dat
2006-11-14 14:50 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb8818.dat
2006-11-14 14:50 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb7914.dat
2006-10-23 00:07 9,216 ----a-w C:\Documents and Settings\CAREY\Application Data\internaldb8467.dat
2006-10-23 00:07 0 -c--a-w C:\Documents and Settings\CAREY\Application Data\internaldb6334.dat
2005-07-16 13:57 479,949,481 ----a-w C:\Documents and Settings\CAREY\AGI.zip
1998-10-02 14:16 789,504 ----a-w C:\Documents and Settings\CAREY\VPLAY2.EXE
1997-03-26 12:36 57,344 ----a-w C:\Documents and Settings\CAREY\VIATEST.EXE
1997-02-21 13:23 74,688 ----a-w C:\Documents and Settings\CAREY\VPLAY3.EXE
1996-10-15 19:01 298,496 ----a-w C:\Documents and Settings\CAREY\UNINST.EXE
2001-08-18 11:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" [ ]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe" [2005-02-01 21:43 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 12:34 299008]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 22:12 579072]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2006-10-01 13:03 255552]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-07 17:42 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-04 16:55 98304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 07:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CorrectConnect.lnk - C:\Program Files\CConnect\CConnect.exe [2003-10-01 17:53:53]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 07:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-24 07:20 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-02-01 18:46 303104 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-07-04 16:55 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-06-07 17:42 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2006-01-18 13:05]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 14:16]
S3 Rapter2USBConexant;Generic 1.3 CMOS DSC;C:\WINDOWS\system32\DRIVERS\Rapvid.sys [2002-06-19 15:14]
S3 Smc1046;EZ Connect USB to Dual Speed Ethernet Converter;C:\WINDOWS\system32\DRIVERS\SMCUSB.sys [2002-06-21 10:36]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 22:18:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 22:27:32 - machine was rebooted [CAREY]
ComboFix-quarantined-files.txt 2008-01-10 22:27:29
.
2008-01-09 21:12:04 --- E O F ---


Wed Jan 09, 2008 4:35 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Hijack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:50, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7631 bytes


Wed Jan 09, 2008 4:40 pm
It's Mine!!

Posts: 2755
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Carol, your log looks fine and ComboFix found some more bad stuff. You can run HJT again and put a check next to this line:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Then click Fix. You have a way outdated version of Adobe Reader, one that is known to be exploitable. You should update to the current version, 8. Are you running any better?

_________________
~Betrayal is the only truth that sticks.~ Arthur Miller


Thu Jan 10, 2008 6:19 am
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
Hi Jean.
My PC restarted itself when I first came online... then it froze up as I was writing you a message. I got rid of the Yahoo toolbar in Hij. The Acrobat Reader I have, there is nowhere to click for an update?

I'm sending you 3 pictures of my power options. Can you see if they're set right?
Thought it might be why this PC keeps shutting down??

[screenshot: power options]



[screenshot: power options]

Thank you for all your help
Carol

[screenshot: power options]


Thu Jan 10, 2008 2:30 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
[screenshot: power options]


Thu Jan 10, 2008 2:35 pm
I Joined Up

Posts: 32
Joined: Sun Oct 21, 2007 4:09 pm
[screenshot: power options]

Sorry, I sent one 2 times.


Thu Jan 10, 2008 2:35 pm