Posts posted by stephen
-
-
Hey,
I was wondering how to create a shortcut to shut down a computer on my home network remotely. Something like SHUTDOWN (namehere) -s -t 01 or something, but I don't know the exact command. Could someone help, please? That would be great, thanks!
-Stephen
-
Logfile of HijackThis v1.99.1
Scan saved at 11:24:30 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
c:\program files\warcraft iii\war3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean\My Documents\malware removal\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eifcqmp.exe
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp101.tmp
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [system service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] C:\WINDOWS\system32\Battlefield2 .exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139095246\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HJB] C:\Program Files\HJB\HJB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EFTP3Server] C:\Program Files\EFTP\EFTP3Server.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [6104308] tskmgr.exe /ibpm
O4 - HKLM\..\Run: [0oqw0ct0.dll] RUNDLL32.EXE 0oqw0ct0.dll,b 4967156
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [rkfu] C:\PROGRA~1\COMMON~1\rkfu\rkfum.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [klop] C:\WINDOWS\25.tmp
O4 - HKCU\..\Run: [iNetBooster] C:\Program Files\Robust\Internet Booster\ISpBos.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Quick'n Easy FTP Server.lnk = C:\Documents and Settings\Sean\Desktop\ftpserver3lite\FTPServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139889000593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\Documents and Settings\Sean\Application Data\Microsoft\Web Server Extensions.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - c:\eZpublish\apache\apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Unknown owner - C:\Program Files\EFTP\EFTP3ServerService.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MySQL - Unknown owner - c:\eZpublish\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
-
IMO means In my opinion
And with cPanel + Agora shopping cart you just click and install.
But, you know there are always other scripts out there. Research.
I believe, http://vstoremarket.com/ you can setup your own shop, heard it was pretty easy too...
Hey, I was looking at vstoremarket and could not really find anything. If you could give a more specific link, that would be great.
-
It is possible. It's either the memory or the Windows installation, but I highly doubt that it's the installation
Other than getting new memory, is there any way to fix/help the problem?
-
The MSI mobo probably doesn't like that crap brand memory. That is one area to never scrimp on.
It would cause it to lock up, though?
-
Hey,
I just built my friend a budget computer. It has an AMD Athlon 64 3000+, MSI K8NGM2-L Socket 939 MB, CHAINTECH 256-SE73GS-G2 Geforce 7300GS, WINTEC AMPO 1GB, XP HOME, Western Digital Caviar SE WD2500JS 250GB, LITE-ON DVD burner. It's new, nothing is installed. The internet has not been used (so it's not a virus). Did it opening My Computer, and other basic windows. If you know why, that would be greatly appreciated.
-Stephen
-
IMO, if your host offers eCommerce scripts like Agora Shopping cart or something of the like, you're fine.
I don't really know script and don't really want to learn. I just wanted an easy to use, cheap, ecommerce website. (What IMO?)
Thanks
-stephen
-
Hey,
Does anyone know of a good e-commerce website hosting place? It has to have some sort of sitebuilder, templates, and I would also need a domain. I was making a computer store to sell custom computers. So if you guys could get back to me ASAP that would be great!
Thanks!
-Stephen
-
Please download Look2Me-Destroyer to your desktop.
- Close all windows before continuing.
- Double-click Look2Me-Destroyer.exe to run it.
- Put a check next to Run this program as a task.
- You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
- When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
- Once it's done scanning, click the Remove L2M button.
- You will receive a Done Scanning message, click OK.
- When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
- Your computer will then shutdown.
- Turn your computer back on.
- Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/22/2006 1:10:01 PM
Infected! C:\WINDOWS\system32\fp0m03d1e.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071496.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071498.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071499.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071504.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071505.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071514.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071544.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072551.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072552.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072553.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072554.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072555.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072557.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072558.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073388.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073389.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073584.dll
Infected! C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073585.dll
Infected! C:\WINDOWS\system32\fp0m03d1e.dll
Infected! C:\WINDOWS\system32\j04o0ah3ed4.dll
Infected! C:\WINDOWS\system32\uhdmxfrm.dll
Infected! C:\WINDOWS\system32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\fp0m03d1e.dll
C:\WINDOWS\system32\fp0m03d1e.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071496.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071496.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071498.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071498.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071499.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071499.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071504.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071504.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071505.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071505.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071514.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071514.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071544.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0071544.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072551.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072551.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072552.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072552.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072553.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072553.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072554.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072554.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072555.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072555.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072557.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072557.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072558.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0072558.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073388.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073388.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073389.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073389.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073584.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073584.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073585.dll
C:\System Volume Information\_restore{490691A7-BAA0-40C0-88B9-0F2F99DB2E60}\RP258\A0073585.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\fp0m03d1e.dll
C:\WINDOWS\system32\fp0m03d1e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\j04o0ah3ed4.dll
C:\WINDOWS\system32\j04o0ah3ed4.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\uhdmxfrm.dll
C:\WINDOWS\system32\uhdmxfrm.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{29647E95-3B73-4716-8EFF-3A1886CDFC26}"
HKCR\Clsid\{29647E95-3B73-4716-8EFF-3A1886CDFC26}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{13EDF38C-316C-43E3-A09A-BD78A5D0B0CD}"
HKCR\Clsid\{13EDF38C-316C-43E3-A09A-BD78A5D0B0CD}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BA45171F-08CC-45F2-A35F-6AF0BFEF7640}"
HKCR\Clsid\{BA45171F-08CC-45F2-A35F-6AF0BFEF7640}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
HERE IS THE HJT LOG...
Logfile of HijackThis v1.99.1
Scan saved at 1:17:22 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eifcqmp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139889000593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Unknown owner - C:\Program Files\EFTP\EFTP3ServerService.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
-
First of all, you will need to print out this post and/or save a copy as a text file in Notepad; that way you have a hard copy of these instructions; you can not have IE/Firefox/any browser open during the fix.
You've got a couple of different major infections so it may take a few steps to clean up... just follow the post as written without skipping any steps and we'll get through it just fine.
Download Brute Force Uninstaller to your desktop
- Unzip it to a folder of its own (C:\BFU). BFU needs to be on your root. In most cases this is C:\
  - Help with unzipping files is HERE
- Right click on THIS LINK and choose save as (or save Link/Target as)
- Place qoofix.bat in your C:\BFU folder. (Important!)
- Now go to the C:\BFU folder you just made
- Double-click qooFix.bat. Close all browsers and explorer folders, even this one...!!!
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- After the PC has restarted continue with below
Please download Ewido Security Suite, it is a free version of the program.
- Install ewido security suite
- When installing the program, under "Additional Options" uncheck...
  - Install background guard
  - Install scan via context menu
- Launch ewido, there should now be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files:
  - On the left hand side of the main screen click update.
  - Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")
- Close Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update ewido.
Once the updates are installed, do the following:
- Reboot computer into "Safe Mode" using the "F8" method...
  - As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
  - Use the arrow keys to select the Safe Mode menu item
- Once in Safe Mode start Ewido Security Suite
- Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)
- Click on Complete System Scan, the scan will now begin.
- While the scan is in progress you will be prompted to clean files, click OK.
- When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
- Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
- Click Save Report.
- Now save the report .txt file to your desktop.
- Close Ewido Security Suite
Boot back to Normal mode
Download and run F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Run the program, accept statement>next>click> scan>next.
If any items are detected, don't have Blacklight do anything with them yet.
After reboot please post
- Ewido log
- a new HijackThis log
- log from blacklight; log will be named fsbl-<date/time>.log eg. fsbl-20060505134642.log.
in a reply (or replyS, it may well take more than one) to this thread. There WILL be more to do; but this is a GREAT start
The Blacklight comes up with an error when I try to install, saying "F-secure Blacklight could not acquire necessary privileges (sedebugprivilege).
-your computer setting may prevent acquiring these privileges.
-a malicious program might have disabled these privileges."
The ewido log is...
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:05:06 PM 6/21/2006
+ Scan result:
C:\WINDOWS\system32\m6820gloe6qc0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mztrig.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\nrtfxperf.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\o0840alqedqe0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\rtched20.dll -> Adware.Look2Me : No action taken.
[768] C:\WINDOWS\system32\tlext.dll -> Adware.Look2Me : No action taken.
[952] C:\WINDOWS\system32\tlext.dll -> Adware.Look2Me : No action taken.
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\ODQRCTQR\AppWrap[1].exe -> Adware.Zestyfind : No action taken.
C:\kybrd.exe -> Downloader.Adload.cf : No action taken.
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\nwnm.exe -> Hijacker.VB.fb : No action taken.
The new HJT log is....
Logfile of HijackThis v1.99.1
Scan saved at 10:13:25 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Sean\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eifcqmp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139889000593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\dnj4011qe.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\l6p2lg7o16.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Unknown owner - C:\Program Files\EFTP\EFTP3ServerService.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Sean\Desktop\xampp\service.exe (file missing)
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
::Report end
- Unzip it to a folder of its own (C:\BFU). BFU needs to be on your root. In most cases this is C:\
-
Logfile of HijackThis v1.99.1
Scan saved at 5:23:25 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\dfndra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe
C:\WINDOWS\algm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sean\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eifcqmp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139889000593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\ixfoctrs.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ieetppui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Documents and Settings\Sean\Desktop\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Unknown owner - C:\Program Files\EFTP\EFTP3ServerService.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Sean\Desktop\xampp\service.exe (file missing)
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe
-
Hey,
I go into TOOLS>FOLDER OPTIONS>VIEW>Show hidden files and folders
But when I put that option, it won't set it. I press Apply and OK, I go back into it and it's like reset, so it won't stay.
Any ideas?
-stephen
-
Internet Not Work Properly
in Malware Removal
Posted
Hey,
I'm on a fairly old laptop, and when I try to open anything with the internet (IE, Firefox, AIM), it takes a few tries for it to work.
For example Firefox: I open it the first time and it says "server not found",
the second time, same message,
until finally MAYBE the 3rd time it will work.
The only way for it to work every time is to go to CMD and release and renew the IP.
If anyone knows why, and could help, that would be great!
HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:02 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mom\Desktop\TaxiDriver.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\Mom\Desktop\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hgtv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svcmon] C:\WINDOWS\system32\PIN\svcmon.exe
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\Free KGB Key Logger\winlogons.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RsaService - Emco Software Ltd. - C:\WINDOWS\system32\RsaServer.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
-Stephen