1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virus problems...can't use hijackthis

Discussion in 'Windows - Virus and spyware problems' started by xirt, Mar 26, 2007.

Page 2 of 2
  1. xirt

    xirt Member

    Joined:
    Mar 26, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, April 12, 2007 5:51:59 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 12/04/2007
    Kaspersky Anti-Virus database records: 296730
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 164537
    Number of viruses found: 11
    Number of infected objects: 21 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:37:28

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\dfsr.db Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsr.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\tmp.edb Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\History\History.IE5\MSHist012007041220070413\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\Perflib_Perfdata_204.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe WiseSFX: infected - 4 skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe WiseSFX: infected - 4 skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF4CAF.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF4FB6.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF943A.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF9863.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\MJ\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003704.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003705.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003706.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003707.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003708.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003711.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\A0003959.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
    C:\WINDOWS\system32\unsvchosts.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003702.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped

    Scan process completed.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:53:53 PM, on 4/12/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Downloads\HiJackThis_v2.0.0.0.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176159801359
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 7520 bytes
     
    xirt, Apr 12, 2007
    #21
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Print this out for reference during the fix as for part of it you will be in Safe Mode and won't be able to access this site.

    Run and scan with HijackThis and place checks beside the following:

    O4 - HKCU\..\Policies\Explorer\Run: [{242DAC21-0726-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\Update.exe" te-110-12-0000282
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{242DAC21-0725-1033-0520-040310170001}] "C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}\Update.exe" te-110-12-0000282 (User 'Default user')

    Close all open browsers/windows and click the Fix button.

    Boot into Safe Mode.

    Search for and delete this Folder:

    C:\Program Files\Common Files\{242DAC21-0725-1033-0520-040310170001}

    Search for and delete these Files:

    C:\Documents and Settings\MJ\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
    C:\Documents and Settings\MJ\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe
    C:\WINDOWS\system32\unsvchosts.exe

    Empty your Recycle Bin.

    Reboot Windows normally.

    Do another Kaspersky scan and post its log along with a new HijackThis log please.
     
    KotaGuy, Apr 12, 2007
    #22
  3. xirt

    xirt Member

    Joined:
    Mar 26, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, April 13, 2007 6:15:05 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 13/04/2007
    Kaspersky Anti-Virus database records: 296830
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 165609
    Number of viruses found: 6
    Number of infected objects: 11 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:38:32

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\dfsr.db Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsr.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Messenger\teen_shorty_95@hotmail.com\SharingMetadata\Working\database_E24_2DC0_242D_AC21\tmp.edb Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Application Data\Microsoft\Windows Live Contacts\teen_shorty_95@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\History\History.IE5\MSHist012007041220070413\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\Perflib_Perfdata_1a4.dat Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF4D1B.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DF5D17.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DFC19C.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temp\~DFC28B.tmp Object is locked skipped
    C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\MJ\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\MJ\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\MJ\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\Program Files\Valve\Steam\AppUpdateStats.blob Object is locked skipped
    C:\Program Files\Valve\Steam\Steam.log Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\base source engine 2.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\counter-strike source client.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\counter-strike source shared.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\source engine.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\source materials.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\source models.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\source sounds.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\sourceinit.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
    C:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003704.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003705.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003706.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003707.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003708.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003711.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP102\A0003959.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\A0004106.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\A0004108.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
    C:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5IJOTUJ\QuickTime[1].msi Object is locked skipped
    C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP100\A0003702.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
    D:\System Volume Information\_restore{DE5DFEEC-2955-4095-BF73-4AC33E42749F}\RP103\change.log Object is locked skipped

    Scan process completed.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:15:46 AM, on 4/13/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Downloads\HiJackThis_v2.0.0.0.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176159801359
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 7135 bytes
     
    xirt, Apr 13, 2007
    #23
  4. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Print this out for reference as you will be booting into Safe Modee and won't be able to access this site.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

      Search for and delete this Folder:

      C:\Program Files\Common Files\{242DAC21-0726-1033-0520-040310170001}
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).

      Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
    KotaGuy, Apr 13, 2007
    #24
  5. xirt

    xirt Member

    Joined:
    Mar 26, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11

    SDFix: Version 1.78

    Run by MJ - Sat 04/14/2007 - 0:33:24.71

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Client IP-IPX

    ImagePath:
    "C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000282

    Client IP-IPX - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...




    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Remaining Files:
    ---------------


    Checking For Files with Hidden Attributes:

    C:\Documents and Settings\MJ\My Documents\Joenes\~WRL3913.tmp
    C:\WINDOWS\LastGood.Tmp\INF\dxbda.inf
    C:\WINDOWS\LastGood.Tmp\INF\dxbda.PNF
    C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.inf
    C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.PNF
    C:\WINDOWS\LastGood.Tmp\INF\dxxp.inf
    C:\WINDOWS\LastGood.Tmp\INF\dxxp.PNF
    C:\WINDOWS\LastGood.Tmp\INF\nvautlml.inf
    C:\WINDOWS\LastGood.Tmp\INF\nvautlml.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem0.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem0.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem1.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem8.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem8.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF

    Finished

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:40:45 AM, on 4/14/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    D:\Downloads\HiJackThis_v2.0.0.0.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176159801359
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 7278 bytes
     
    xirt, Apr 13, 2007
    #25
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looks good :)

    How is your computer behaving?
     
    KotaGuy, Apr 13, 2007
    #26
  7. xirt

    xirt Member

    Joined:
    Mar 26, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Umm...so far so good I guess I'm going to do a little more of a tune up. Too many programs are starting when I turn on my computer. Other than that it looks good. If there's anything else, I know where to go. Thanks so much KotaGuy.
     
    xirt, Apr 14, 2007
    #27
  8. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    You need to reset your System Restore Points. To do that:

    [*]Right-click My Computer, and then click Properties.
    [*]Click the System Restore tab.
    [*]Check the "Turn off System Restore" or "Turn off System Restore on all drives"

    Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot.

    Should be good to go after that.
     
    KotaGuy, Apr 14, 2007
    #28
Page 2 of 2

Share This Page