Hijack/fixware out issue
juliemay
Suspended due to non-functional email address
28. February 2007 @ 23:38
Hi there..I am very new to this site and am having internet problems, also pop ups with ie 7..I was wondering if someone could have a look at my 2 log files and advise me what I could do. Many thanks. Julie

Logfile of HijackThis v1.99.1
Scan saved at 09:17:59, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL 9.0 VRa\waol.exe
C:\Program Files\Common Files\AOL\1172256959\ee\aolsoftware.exe
c:\program files\common files\aol\1172256959\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1172256959\ee\aolsoftware.exe
C:\Program Files\AOL 9.0 VRa\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\~AceTemp\hijackthis_2\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [COMODO firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Roam meow] C:\DOCUME~1\JULIEM~1\APPLIC~1\16SLOW~1\ReadmeDash.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


Fixwareout Last edited 2/11/2007
Post this report in the forums please

...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Roam meow"="C:\\DOCUME~1\\JULIEM~1\\APPLIC~1\\16SLOW~1\\ReadmeDash.exe"
"Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
KotaGuy
Member
1. March 2007 @ 16:36
Hi Julie.

Please Download NoLop to your desktop from one of the links below...

Link 1
Link 2
Link 3

- First close any other programs you have running as this will require a reboot
- Double click NoLop.exe to run it
- Now click the button labelled "Search and Destroy"

<<your computer will now be scanned for infected files>>

- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- A Message should popup from NoLop. If not, double click the program again and it will finish.

Please Post the contents of C:\NoLop.log along with a fresh HijackThis log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
juliemay
Suspended due to non-functional email address
2. March 2007 @ 22:19
Hi ya, many thanks for your help...sorry for delay, I have lost my welcome screen on aol, can't get onto internet via aol. I am using Firefox at mo but pc still not right

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Julie May Clark\Application Data\IDM\DwnlData\Julie May Clark\NoLop_280
[02/03/2007]
[23:42:58]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\ABFD087191CEBB3D.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Cyberlink
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Billeo
C:\Documents and Settings\All Users\Application Data\Ca
C:\Documents and Settings\All Users\Application Data\Comodo
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Datameowballinternet
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Iomatic
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Cyberlink
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\.bittornado
C:\Documents and Settings\Julie May Clark\Application Data\16 Slow
C:\Documents and Settings\Julie May Clark\Application Data\Adobe
C:\Documents and Settings\Julie May Clark\Application Data\Adobeum
C:\Documents and Settings\Julie May Clark\Application Data\Ahead
C:\Documents and Settings\Julie May Clark\Application Data\Aol
C:\Documents and Settings\Julie May Clark\Application Data\Apple Computer
C:\Documents and Settings\Julie May Clark\Application Data\Avant Profiles
C:\Documents and Settings\Julie May Clark\Application Data\Azureus
C:\Documents and Settings\Julie May Clark\Application Data\Bitroll
C:\Documents and Settings\Julie May Clark\Application Data\Bittorrent
C:\Documents and Settings\Julie May Clark\Application Data\Comodo
C:\Documents and Settings\Julie May Clark\Application Data\Cyberlink
C:\Documents and Settings\Julie May Clark\Application Data\Datalayer
C:\Documents and Settings\Julie May Clark\Application Data\Divx
C:\Documents and Settings\Julie May Clark\Application Data\Dmcache
C:\Documents and Settings\Julie May Clark\Application Data\Dvdcss
C:\Documents and Settings\Julie May Clark\Application Data\Foxytunes
C:\Documents and Settings\Julie May Clark\Application Data\Google
C:\Documents and Settings\Julie May Clark\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\Identities
C:\Documents and Settings\Julie May Clark\Application Data\Idm
C:\Documents and Settings\Julie May Clark\Application Data\Ie7pro
C:\Documents and Settings\Julie May Clark\Application Data\Lavasoft
C:\Documents and Settings\Julie May Clark\Application Data\Limewire
C:\Documents and Settings\Julie May Clark\Application Data\Macromedia
C:\Documents and Settings\Julie May Clark\Application Data\Mailwasherpro
C:\Documents and Settings\Julie May Clark\Application Data\Mcafee
C:\Documents and Settings\Julie May Clark\Application Data\Mcafee.com Personal firewall
C:\Documents and Settings\Julie May Clark\Application Data\Media Player Classic
C:\Documents and Settings\Julie May Clark\Application Data\Microsoft
C:\Documents and Settings\Julie May Clark\Application Data\Mozilla
C:\Documents and Settings\Julie May Clark\Application Data\Msn6
C:\Documents and Settings\Julie May Clark\Application Data\Msninstaller
C:\Documents and Settings\Julie May Clark\Application Data\Netscape
C:\Documents and Settings\Julie May Clark\Application Data\Nokia
C:\Documents and Settings\Julie May Clark\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Julie May Clark\Application Data\Opera
C:\Documents and Settings\Julie May Clark\Application Data\Pc Suite
C:\Documents and Settings\Julie May Clark\Application Data\Pc Tools
C:\Documents and Settings\Julie May Clark\Application Data\Pegasys Inc
C:\Documents and Settings\Julie May Clark\Application Data\Real
C:\Documents and Settings\Julie May Clark\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\Skype
C:\Documents and Settings\Julie May Clark\Application Data\Smart Pc Solutions
C:\Documents and Settings\Julie May Clark\Application Data\Sun
C:\Documents and Settings\Julie May Clark\Application Data\Torrent101
C:\Documents and Settings\Julie May Clark\Application Data\Trojanhunter
C:\Documents and Settings\Julie May Clark\Application Data\Utorrent
C:\Documents and Settings\Julie May Clark\Application Data\Vcdeasy
C:\Documents and Settings\Julie May Clark\Application Data\Viewpoint
C:\Documents and Settings\Julie May Clark\Application Data\Vlc
C:\Documents and Settings\Julie May Clark\Application Data\Webcompiler3
C:\Documents and Settings\Julie May Clark\Application Data\Winpatrol
C:\Documents and Settings\Julie May Clark\Application Data\Yahoo!
C:\Documents and Settings\Julie May Clark\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\16 Slow
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
..enclosed are 2 log files u requested.

Logfile of HijackThis v1.99.1
Scan saved at 08:09:39, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
KotaGuy
Member
3. March 2007 @ 05:49
Looks like you've picked up a couple other nasties.

Print this out for reference during the fix as you will be booting into Safe Mode and will not be able to access this site.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.

- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

This message has been edited since posting. Last time this message was edited on 3. March 2007 @ 05:54
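
Added example, not part of any post in this thread: a small Python script that compares the autostart entries of two HijackThis logs, which is the comparison a helper makes by eye between the 01/03/2007 and 03/03/2007 logs above. The sample lines are excerpts copied from those two logs; the function names and the two triage notes (missing target file, path under a Temp directory) are this example's own assumptions and are review hints, not verdicts.

```python
import re
from typing import List, NamedTuple, Tuple

# Excerpts copied from the two HijackThis logs posted earlier in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:17:59, on 01/03/2007
C:\WINDOWS\system32\svchost.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Roam meow] C:\DOCUME~1\JULIEM~1\APPLIC~1\16SLOW~1\ReadmeDash.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 08:09:39, on 03/03/2007
C:\WINDOWS\system32\svchost.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "O23"
    text: str     # everything after "O4 - "


# Section lines start with R, F, N or O plus a number; the header and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log: str) -> List[Entry]:
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def identity(entry: Entry) -> Tuple[str, ...]:
    """Comparison key. Windows paths are case-insensitive, so lowercase.
    For O23 the vendor field in the middle can change between scans
    ("AOL LLC" vs "America Online, Inc."), so only the service name and
    the file path are compared."""
    if entry.section == "O23":
        parts = entry.text.split(" - ")
        return (entry.section, parts[0].lower(), parts[-1].lower())
    return (entry.section, entry.text.lower())


def added_entries(before: str, after: str) -> List[Entry]:
    """Entries present in `after` but not in `before`, in log order."""
    seen = {identity(e) for e in parse_entries(before)}
    added = []
    for entry in parse_entries(after):
        key = identity(entry)
        if key not in seen:
            seen.add(key)
            added.append(entry)
    return added


def triage_notes(entry: Entry) -> List[str]:
    """Neutral review hints (assumed heuristics, not a malware verdict)."""
    text = entry.text.lower()
    notes = []
    if text.endswith("(no file)"):
        notes.append("target file missing (orphaned entry)")
    if re.search(r"\\temp\\", text):
        notes.append("runs from a Temp directory")
    return notes


def describe_changes(before: str, after: str) -> List[str]:
    """One line per change: '+' appeared, '-' disappeared."""
    lines = []
    changes = (("+", added_entries(before, after)),
               ("-", added_entries(after, before)))
    for mark, entries in changes:
        for entry in entries:
            notes = triage_notes(entry)
            suffix = "   <- " + "; ".join(notes) if notes else ""
            lines.append(f"{mark} {entry.section} - {entry.text}{suffix}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe_changes(LOG_BEFORE, LOG_AFTER)))
```

Entries that appear between two scans are the ones to look up first; the AOLService line is not reported even though its vendor string changed, because only the service name and path are compared.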

juliemay
Suspended due to non-functional email address
3. March 2007 @ 09:27
Once again thanks for all of your help, I really appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 19:03:53, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL Companion\companion.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...973/mcfscan.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)

SDFix: Version 1.69

Run by Julie May Clark - 03/03/2007 @ 18:37:32.60

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\aax3B.tmp.exe - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\system32\winlog.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArtSmall.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Large.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Small.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Large.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Small.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\desktop.ini
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\Folder.jpg
C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\AOL 9.0\aoltray.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\RO8287.tmp.LOG
C:\WINDOWS\system32\RO828C.tmp.LOG
C:\WINDOWS\system32\RO828F.tmp.LOG
C:\WINDOWS\system32\RO8294.tmp.LOG
C:\WINDOWS\system32\RO8297.tmp.LOG
C:\WINDOWS\system32\RO829C.tmp.LOG
C:\WINDOWS\system32\RO829F.tmp.LOG
C:\WINDOWS\system32\RO82A4.tmp.LOG
C:\WINDOWS\system32\RO82A7.tmp.LOG
C:\WINDOWS\system32\RO82AC.tmp.LOG
C:\WINDOWS\system32\RO82AF.tmp.LOG
C:\WINDOWS\system32\RO82B4.tmp.LOG

Add/Remove Programs List:

Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Ace DivX Player
Ace Media Player
Active@ File Recovery 7.1
Ad-Aware SE Personal
Adobe Photoshop 7.0.1
Adobe Shockwave Player
Adobe Download Manager 2.2 (Remove Only)
AnyDVD
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AOL Coach Version 1.0(Build:20040229.1 uk)
ASPI Rip
Advanced Uninstaller PRO 2006 - version 7
AVG 7.5
AVI DivX to DVD SVCD VCD Converter 2.2.0
Azureus 3.0
Azureus Ultra Accelerator
BitComet 0.84
Bitcomet Ultra Accelerator
BitLord 1.1
BitRoll version 2.1.0.1
BitTornado 0.3.17
BitTorrent 5.0.6
BitTorrent Ultra Accelerator
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
CCleaner (remove only)
hex(2):44,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,28,\
Microsoft Windows XP Video Decoder Checkup Utility
deskPDF 2.5 Professional Edition
DivX Content Uploader
DVD Shrink 3.2
Microsoft Office Enterprise 2007
ExtraTorrent Toolbar v1.0
FLV Player 1.3.3
FoxyTunes for Internet Explorer
Girls
Google Desktop Search
Docudesk GPL Ghostscript 8.15
Hauppauge MCE2005 Software Encoder
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
IE7pro
Internet Download Manager
JukeBox Tools
Update Rollup 2 for Windows XP Media Center Edition 2005
K-Lite codec Pack 2.85 Standard
Lexmark 1200 Series
Lexmark 510 Series
LimeWire PRO 4.13.0
LSP Explorer plug-in for Ad-Aware SE
Magic ISO Maker v5.3 (build 0216)
MagicDisc 2.5.74
MailWasher Pro
CloneDVD 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Money 2007
Mozilla Firefox (2.0.0.2)
MpcStar 1.6
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Netscape Browser (remove only)
Microsoft National Language Support Downlevel APIs
PeerGuardian 2.0
Plato DVD Ripper 5.51
Pop-Up Stopper Free Edition
PowerISO
PowerTools 12.0
Logitech© Camera Driver
RealPlayer
Recover My Files
RegScrubXP 3.25
SC Net Speed Booster 4.2.0.0
Adobe Flash Player 9 ActiveX
Skype 3.0
Motorola SM56 Speakerphone Modem
Spamihilator
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
SpywareBlaster v3.5.1
Screensavers Installer Version 2
Learn2 Player (Uninstall Only)
Sun(TM) Download Manager 2.0
System Restore Control
Tesco internet access dialler
Skype add-on for IE
Torrent101 version 3.2.0.0
Tweak-SE plug-in for Ad-Aware SE
TweakNow RegCleaner Standard
Ulead Photo Express 2.0 SE
Universal Torrent Accelerator
æTorrent
VCDEasy
Viewpoint Media Player
VideoLAN VLC media player 0.8.6a
VSPopUp
WinAce Archiver
WinAVIVideoConverter
Windows Live Toolbar
WinPatrol 2007 Restore/Remove First
WinRAR archiver
Windows Live OneCare
WinZip
Windows Media Connect
Microsoft User-Mode Driver Framework Feature Pack 1.5
XoftSpySE
XP TCP/IP Repair 1.0
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! Extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Install Manager
Zortam Mp3 Media Studio 6.66
Notifier
ESSSONIC
Nokia Connectivity Cable Driver
netbrdg
Popup Blocker (Windows Live Toolbar)
Smart Menus (Windows Live Toolbar)
ESSPCD
AutoUpdate
Microsoft Protection Service
PowerStarter
Google Toolbar for Internet Explorer
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
TMPGEnc 4.0 XPress Trial Version
Google Toolbar for Firefox
essvatgt
J2SE Runtime Environment 5.0 Update 11
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Microsoft Windows OneCare Live v1.5.1890.18 Idcrl Install
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Mouse Gestures for Internet Explorer
Skype Plugin Manager
Power2Go 4.0
CR2
Microsoft Windows Journal Viewer
iTunes
Windows Live Sign-in Assistant
Microsoft SQL Server Native Client
QuickTime
OneCare Advisor (Windows Live Toolbar)
Microsoft SQL Server Setup Support Files (English)
CardRd81
Microsoft Windows Live OneCare Resources v1.5.1890.18
Windows Live Messenger
Map Button (Windows Live Toolbar)
Opera 9.10
Microsoft Money Shared Libraries
SHASTA
VideoSync
Media Center Diagnostic Kit
ESSBrwr
PX Engine
PowerDVD
Macromedia Flash Player 8
Microsoft Works
Microsoft .NET Framework 2.0
MSXML 4.0 SP2 Parser and SDK
WinPatrol 2007 Step 2
Windows Live Favorites for Windows Live Toolbar
DivX codec
Windows Vista Upgrade Advisor
staticcr
ESSTOOLS
Intel(R) Extreme Graphics 2 Driver
DivX Player
ESSini
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
ESSgui
REALTEK Gigabit and Fast Ethernet NIC Driver
MP3PowerEncoder
VPRINTOL
ESScore
Windows Defender
RealSpeak Solo for UK English Emily
Windows Live Outlook Toolbar (Windows Live Toolbar)
Apple Software Update
PC Connectivity Solution
Pando
ESSCDBK
DivX Converter
OfotoXMI
CCScore
DivX Web Player
KSU
Microsoft SQL Server VSS Writer
Logitech QuickCam Software
Windows Live Toolbar
Microsoft AutoRoute 2007
Microsoft .NET Framework 1.1
Microsoft Windows OneCare Live v1.5.1890.18
Kodak EasyShare software
Nokia PC Suite
SFR
Google Toolbar for Internet Explorer
AusLogics Disk Defrag
tooltips
CAM Wizard
Nero 7 Ultra Edition
kgcbase
SKINXSDK
WIRELESS
Realtek AC'97 Audio
SVCD2DVD 2.1 DEMO
ESSPDock
SKIN0001

Finished
KotaGuy
Member
3. March 2007 @ 10:46
HijackThis log looks good :)

Can I get you to do me a favor please...

Go here:

http://www.virustotal.com/en/indexf.html

And upload this file into the scanner and report back the results...

C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe

Thanks.
juliemay
Suspended due to non-functional email address
3. March 2007 @ 12:25
Hi, a little while ago, I did a scan with fix ware out and now the file that you asked to be analysed seems to have gone... I have enclosed hijack log to see what you think. Many thanks, Julie

Logfile of HijackThis v1.99.1
Scan saved at 22:10:40, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\AOL\1172919694\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Julie May Clark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
KotaGuy
Member
3. March 2007 @ 12:55
OK... did you run RootKitRevealer recently?
juliemay
Suspended due to non-functional email address
3. March 2007 @ 13:03
Hi ya.. no, I haven't heard of that one..
KotaGuy
Member
3. March 2007 @ 15:33
Hmmm... strange.

This O23 from your first log...

O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe

Is usually an indicator of Sysinternals RootKit Revealer having been run.

Have you run another application from Sysinternals recently?

I ask because in your latest log it's saying it belongs to Grisoft

O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)

Which isn't right...
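
The comparison made in the post above, as an added example that is not part of the original thread: a small Python script that parses the O23 service lines of two HijackThis logs and reports services with no file on disk, an image under a Temp directory, or a company string that changed between logs. The function names and flag labels are hypothetical; the sample lines are copied from this thread, and the iPod Service line is assumed to be unchanged in the first log.

```python
import re
from typing import NamedTuple

class Service(NamedTuple):
    name: str      # display name, with the short name in parentheses if shown
    company: str   # vendor string as HijackThis printed it
    image: str     # executable path, or "(no file)"

PREFIX = "O23 - Service: "
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

def parse_o23(log_text):
    """Return {service name: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        # Fields are joined by " - " and the company may itself contain " - ",
        # so: first field = name, last field = image, everything between = company.
        parts = line[len(PREFIX):].split(" - ")
        if len(parts) < 3:
            continue
        services[parts[0]] = Service(parts[0], " - ".join(parts[1:-1]), parts[-1])
    return services

def flag_service(svc):
    """Flags that can be read off a single O23 entry."""
    if svc.image == "(no file)":
        return ["no-file"]        # service is registered but its executable is gone
    if TEMP_DIR.search(svc.image):
        return ["temp-image"]     # service executable lives in a Temp directory
    return []

def compare_logs(old_text, new_text):
    """Return {service name: [flags]} for entries in the newer log worth a second look."""
    old, new = parse_o23(old_text), parse_o23(new_text)
    findings = {}
    for name, svc in new.items():
        flags = flag_service(svc)
        if name in old and old[name].company != svc.company:
            flags.append("company-changed")   # same service name, different vendor string
        if flags:
            findings[name] = flags
    return findings

# Sample input: O23 lines copied from this thread (iPod Service assumed unchanged).
FIRST_LOG = r"""
O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LATEST_LOG = r"""
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
"""

if __name__ == "__main__":
    for name, flags in compare_logs(FIRST_LOG, LATEST_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```
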