geek

Members
 View Profile  See their activity

  • Content Count

    13

  • Joined

  • Last visited

 Content Type 

Posts posted by geek

  1. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    Your log is clean.

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    Detect and Remove Programs:

    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    Prevention Programs:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
      I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

    Other necessary Programs:

    • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
    • Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs.

    She has most of that and has been running it. Thanks for your time. Just to let you know, Sygate was bought by Symantec and no longer offers a free version unfortunatly.

  2. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    Ok post a new Hijackthis log here in a reply.

    May I ask what it is you find suspicious? What is problematic?

    Logfile of HijackThis v1.99.1

    Scan saved at 5:06:22 PM, on 10/13/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\userinit.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\DOCUME~1\ERICAT~1\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136764335234

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158716816796

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  3. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    First download AVG Anti-Spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program

    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

    [*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

    [*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

    [*]Under "Reports"

    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    ---------------------------------------------------------

    AVG Anti-Spyware - Scan Report

    ---------------------------------------------------------

    + Created at: 8:52:47 PM 10/12/2006

    + Scan result:

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0089634.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090827.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090834.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090846.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090863.exe -> Adware.PurityScan : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP406\A0091185.exe -> Adware.PurityScan : No action taken.

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\Update.exe -> Adware.Softomate : No action taken.

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\services.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0090649.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0090650.exe -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0090651.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090837.exe -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090838.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090839.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090969.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090970.exe -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP406\A0091080.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP406\A0091081.exe -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP406\A0091136.dll -> Adware.Softomate : No action taken.

    C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP385\A0082257.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica [email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Lilian\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

    C:\Documents and Settings\Erica Tankard\Local Settings\Temp\Cookies\erica [email protected][1].txt -> TrackingCookie.Adjuggler : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & jeremy@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@advertising[2].txt -> TrackingCookie.Advertising : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & jeremy@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][2].txt -> TrackingCookie.Burstnet : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.

    C:\Documents and Settings\John\Cookies\john@com[1].txt -> TrackingCookie.Com : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][1].txt -> TrackingCookie.Enhance : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][2].txt -> TrackingCookie.Esomniture : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][2].txt -> TrackingCookie.Euroclick : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica [email protected][2].txt -> TrackingCookie.Euroclick : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][1].txt -> TrackingCookie.Hitbox : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][1].txt -> TrackingCookie.Overture : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][2].txt -> TrackingCookie.Overture : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica [email protected][2].txt -> TrackingCookie.Pointroll : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][1].txt -> TrackingCookie.Specificclick : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.

    C:\Documents and Settings\Brittany\Cookies\brittany@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica tankard@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica [email protected][2].txt -> TrackingCookie.Valuead : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & jeremy@yadro[2].txt -> TrackingCookie.Yadro : No action taken.

    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.

    C:\Documents and Settings\Courtney & Jeremy\Cookies\courtney & [email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.

    C:\Documents and Settings\Erica Tankard\Cookies\erica [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.

    C:\Documents and Settings\Erica Tankard\Local Settings\Temp\Cookies\erica [email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.

    ::Report end

  4. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted · Edited by geek

    Can you post c:\vundofix.txt?

    VundoFix V6.2.1

    Checking Java version...

    Scan started at 10:11:54 PM 10/10/2006

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    VundoFix V6.2.1

    Checking Java version...

    Scan started at 8:34:45 PM 10/11/2006

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    VundoFix V6.2.1

    Checking Java version...

    Scan started at 8:52:42 PM 10/11/2006

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

  5. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    Open Hijackthis and click scan. Then check mark the following entries

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

    Now close all open windows except Hijackthis and click fix checked

    Then post a new Hijackthis log here in a reply.

    Logfile of HijackThis v1.99.1

    Scan saved at 8:08:10 PM, on 10/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\Update.exe

    C:\Program Files\Trillian\trillian.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\DOCUME~1\ERICAT~1\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136764335234

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158716816796

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  7. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted · Edited by geek

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.

    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Logfile after the above found no files and removal of Yinstall.exe.

    Logfile of HijackThis v1.99.1

    Scan saved at 10:20:01 PM, on 10/10/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\Update.exe

    C:\Program Files\Trillian\trillian.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\DOCUME~1\ERICAT~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136764335234

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158716816796

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  8. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

    ToolBar888

    Then post a new Hijackthis log here in a reply.

    Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up.

    Ok, well, looks like I figure out the problem.

    "O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe" was the culprit, it seems. Stopping it's process and deleting it at it's root file seems to have eliminated the web based pop up. After logging in on every account on this PC, it appears the situation is resolved. If anyone sees anything other that is suspicious, let me know in IRC or in this thread. Thanks, Rock, for all the help. The toolbar, without a doubt, was the first step in the removal of the virus. Hope this helps a person or two along the way.

  9. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted · Edited by geek

    Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

    ToolBar888

    Then post a new Hijackthis log here in a reply.

    Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up.

    Logfile of HijackThis v1.99.1

    Scan saved at 8:38:54 PM, on 10/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINDOWS\system32\Yinstall.exe

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\Update.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trillian\trillian.exe

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    C:\DOCUME~1\ERICAT~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136764335234

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158716816796

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  10. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted

    Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    Click Save, copy and paste the results in your next post.

    Ad-Aware SE Personal

    Adobe Flash Player 9 ActiveX

    Adobe Reader 6.0

    AVG Free Edition

    eMachines Bay Reader

    GdiplusUpgrade

    Google Talk (remove only)

    HijackThis 1.99.1

    Hotfix for Windows Media Format SDK (KB902344)

    Hotfix for Windows XP (KB896344)

    HP Extended Capabilities 4.7

    HP Image Zone 4.7

    HP PSC & OfficeJet 4.7

    HP Software Update

    Intel® Extreme Graphics Driver

    Intel® PRO Network Adapters and Drivers

    Java 2 Runtime Environment, SE v1.4.2

    K-Lite Codec Pack 2.25 Full

    Macromedia Shockwave Player

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Hotfix (KB886903)

    Microsoft .NET Framework 2.0

    Microsoft ActiveX Control Pad

    Microsoft Office Professional Edition 2003

    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

    Morpheus 5.2 (remove only)

    MP3 Player Utilities V1.28

    Musicmatch® Jukebox

    Pizza Frenzy 1.0

    QBz

    QuickTime

    Realtek AC'97 Audio

    Security Update for Microsoft .NET Framework 2.0 (KB917283)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player 10 (KB911565)

    Security Update for Windows XP (KB890046)

    Security Update for Windows XP (KB893066)

    Security Update for Windows XP (KB893756)

    Security Update for Windows XP (KB896358)

    Security Update for Windows XP (KB896422)

    Security Update for Windows XP (KB896423)

    Security Update for Windows XP (KB896424)

    Security Update for Windows XP (KB896428)

    Security Update for Windows XP (KB899587)

    Security Update for Windows XP (KB899591)

    Security Update for Windows XP (KB900725)

    Security Update for Windows XP (KB901017)

    Security Update for Windows XP (KB901190)

    Security Update for Windows XP (KB901214)

    Security Update for Windows XP (KB902400)

    Security Update for Windows XP (KB905414)

    Security Update for Windows XP (KB905749)

    Security Update for Windows XP (KB905915)

    Security Update for Windows XP (KB908519)

    Security Update for Windows XP (KB908531)

    Security Update for Windows XP (KB911280)

    Security Update for Windows XP (KB911562)

    Security Update for Windows XP (KB911567)

    Security Update for Windows XP (KB911927)

    Security Update for Windows XP (KB912812)

    Security Update for Windows XP (KB912919)

    Security Update for Windows XP (KB913446)

    Security Update for Windows XP (KB913580)

    Security Update for Windows XP (KB914388)

    Security Update for Windows XP (KB914389)

    Security Update for Windows XP (KB916281)

    Security Update for Windows XP (KB917159)

    Security Update for Windows XP (KB917344)

    Security Update for Windows XP (KB917422)

    Security Update for Windows XP (KB917953)

    Security Update for Windows XP (KB918439)

    Security Update for Windows XP (KB918899)

    Security Update for Windows XP (KB919007)

    Security Update for Windows XP (KB920214)

    Security Update for Windows XP (KB920670)

    Security Update for Windows XP (KB920683)

    Security Update for Windows XP (KB920685)

    Security Update for Windows XP (KB921398)

    Security Update for Windows XP (KB921883)

    Security Update for Windows XP (KB922616)

    Security Update for Windows XP (KB925486)

    SoftV92 Data Fax Modem with SmartCP

    Spybot - Search & Destroy 1.4

    ToolBar888

    Update for Windows XP (KB898461)

    Update for Windows XP (KB900485)

    Update for Windows XP (KB900930)

    Update for Windows XP (KB910437)

    Update for Windows XP (KB916595)

    Update for Windows XP (KB920872)

    Update for Windows XP (KB922582)

    URGE

    USB MP3 Driver v1.17r014

    USB PC Camera (SN9C103)

    VBRunDLL 3.0

    Windows Backup Utility

    Windows Genuine Advantage v1.3.0254.0

    Windows Installer 3.1 (KB893803)

    Windows Media Connect

    Windows Media Format 11 runtime

    Windows Media Format 11 runtime

    Windows Media Format SDK Hotfix - KB891122

    Windows Media Player 11

    Windows Media Player 11

    Windows Media Player 9 Hotfix [see KB885492 for more information]

    Windows XP Hotfix - KB873339

    Windows XP Hotfix - KB885250

    Windows XP Hotfix - KB885626

    Windows XP Hotfix - KB885835

    Windows XP Hotfix - KB885836

    Windows XP Hotfix - KB886185

    Windows XP Hotfix - KB887472

    Windows XP Hotfix - KB887742

    Windows XP Hotfix - KB887797

    Windows XP Hotfix - KB888113

    Windows XP Hotfix - KB888302

    Windows XP Hotfix - KB890859

    Windows XP Hotfix - KB891781

    Windows XP Service Pack 2

  11. Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]

    in Malware Removal

    Posted · Edited by geek

    Known trojan was said to have been removed by AVG, but is still present. Figured someone here might be able to point out issues to be resolved. Thanks in advance.

    Logfile of HijackThis v1.99.1

    Scan saved at 3:46:18 PM, on 10/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINDOWS\system32\Yinstall.exe

    C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-041025200001}\Update.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Trillian\trillian.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\DOCUME~1\ERICAT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3000E1C3-09E5-1033-0512-041025200001}\MyToolBar.dll

    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3000E1C3-09E5-1033-0512-041025200001}\MyToolBar.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136764335234

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158716816796

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  12. Geek's Log

    in Malware Removal

    Posted

    I used hijack this, then went in via command prompt to delete the kernelll.pif file, and upon restart my registry eidtor and taskmanager work flawlessly. updated log below

    Logfile of HijackThis v1.99.0

    Scan saved at 9:27:17 PM, on 2/7/2005

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sygate\SPF\smc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\PGPserv.exe

    C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\TightVNC\WinVNC.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\D-Tools\daemon.exe

    C:\Program Files\DU Meter\DUMeter.exe

    C:\WINDOWS\System32\taskswitch.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Picasa\PicasaMediaDetector.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Bloglines Notifier\Notifier.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    C:\Program Files\Firefly\Firefly.exe

    C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe

    C:\Program Files\ConquerCam\ConquerCam.exe

    C:\FRAPS\FRAPS.EXE

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Spyware Doctor\swdoctor.exe

    C:\Program Files\FinePixViewer\QuickDCF.exe

    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe

    C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe

    C:\Program Files\Doppler\Doppler.exe

    C:\Program Files\MailWasher Pro\MailWasher.exe

    C:\Program Files\No-IP\DUC20.exe

    C:\Program Files\SHOUTcast\sc_serv.exe

    C:\Program Files\Trillian\trillian.exe

    C:\Program Files\Winamp\winamp.exe

    C:\Program Files\Xfire\Xfire.exe

    C:\Documents and Settings\Dwight\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.technologysource.com/home/

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [kernelll] C:\WINDOWS\system32\kernelll.pif

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bloglinesNotifier] C:\Program Files\Bloglines Notifier\Notifier.exe

    O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe"

    O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized

    O4 - HKCU\..\Run: [ConquerCam] C:\Program Files\ConquerCam\ConquerCam.exe /tray

    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe

    O4 - Startup: DAEMON Tools.lnk = C:\Program Files\D-Tools\daemon.exe

    O4 - Startup: Doppler.lnk = ?

    O4 - Startup: MailWasher.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe

    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe

    O4 - Startup: SHOUTcast DNAS (GUI).lnk = C:\Program Files\SHOUTcast\sc_serv.exe

    O4 - Startup: Trillian.lnk = ?

    O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe

    O4 - Startup: Winamp.lnk = C:\Program Files\Winamp\winamp.exe

    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Exif Launcher.lnk = ?

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: PGPtray.lnk = ?

    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm

    O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe

    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BF474CC-41CA-4450-AD6F-EC1BADDF8F5F}: NameServer = 142.161.130.155 142.161.2.155

    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe

    O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    O23 - Service: VNC Server - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

  13. Geek's Log

    in Malware Removal

    Posted

    Problem: on reboot, my task manager and registry editing tools are disabled, no matter the user.

    Specs: AMD 2100+, 512 MB RAM, 80 GB HD nearly full.

    Let me know what else you need.

    Logfile of HijackThis v1.99.0

    Scan saved at 8:18:59 PM, on 2/7/2005

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sygate\SPF\smc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\PGPserv.exe

    C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\TightVNC\WinVNC.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\D-Tools\daemon.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\DU Meter\DUMeter.exe

    C:\WINDOWS\System32\taskswitch.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Picasa\PicasaMediaDetector.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    C:\Program Files\Bloglines Notifier\Notifier.exe

    C:\WINDOWS\system32\kernelll.pif

    C:\Program Files\Firefly\Firefly.exe

    C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe

    C:\Program Files\ConquerCam\ConquerCam.exe

    C:\FRAPS\FRAPS.EXE

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Spyware Doctor\swdoctor.exe

    C:\Program Files\FinePixViewer\QuickDCF.exe

    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe

    C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe

    C:\Program Files\Doppler\Doppler.exe

    C:\Program Files\MailWasher Pro\MailWasher.exe

    C:\Program Files\No-IP\DUC20.exe

    C:\Program Files\SHOUTcast\sc_serv.exe

    C:\Program Files\Trillian\trillian.exe

    C:\Program Files\Winamp\winamp.exe

    C:\Program Files\Xfire\Xfire.exe

    C:\Program Files\mIRC\mirc.exe

    C:\Program Files\mIRC\mirc.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Winamp\winamp.exe

    C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    C:\PROGRA~1\WINZIP\winzip32.exe

    C:\Documents and Settings\Dwight\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.technologysource.com/home/

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [kernelll] C:\WINDOWS\system32\kernelll.pif

    O4 - HKLM\..\RunOnce: [kernelll] C:\WINDOWS\system32\kernelll.pif /RunOnce

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bloglinesNotifier] C:\Program Files\Bloglines Notifier\Notifier.exe

    O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe"

    O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized

    O4 - HKCU\..\Run: [ConquerCam] C:\Program Files\ConquerCam\ConquerCam.exe /tray

    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe

    O4 - Startup: DAEMON Tools.lnk = C:\Program Files\D-Tools\daemon.exe

    O4 - Startup: Doppler.lnk = ?

    O4 - Startup: MailWasher.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe

    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe

    O4 - Startup: SHOUTcast DNAS (GUI).lnk = C:\Program Files\SHOUTcast\sc_serv.exe

    O4 - Startup: Trillian.lnk = ?

    O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe

    O4 - Startup: Winamp.lnk = C:\Program Files\Winamp\winamp.exe

    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Exif Launcher.lnk = ?

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: PGPtray.lnk = ?

    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm

    O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe

    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

    O16 - DPF: {6AEFE48C-FB6C-4C27-A161-A0BF3438537E} (Live(5.2) Control) - http://24.17.204.12:88/cab/Live.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BF474CC-41CA-4450-AD6F-EC1BADDF8F5F}: NameServer = 142.161.130.155 142.161.2.155

    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe

    O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    O23 - Service: VNC Server - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe