Hi there.. I am very new to this site and am having internet problems, also pop ups with ie 7.. I was wondering if someone could have a look at my 2 log files and advise me what I could do. Many thanks. Julie

Logfile of HijackThis v1.99.1
Scan saved at 09:17:59, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL 9.0 VRa\waol.exe
C:\Program Files\Common Files\AOL\1172256959\ee\aolsoftware.exe
c:\program files\common files\aol\1172256959\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1172256959\ee\aolsoftware.exe
C:\Program Files\AOL 9.0 VRa\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\~AceTemp\hijackthis_2\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Roam meow] C:\DOCUME~1\JULIEM~1\APPLIC~1\16SLOW~1\ReadmeDash.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Fixwareout
Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
  6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Roam meow"="C:\\DOCUME~1\\JULIEM~1\\APPLIC~1\\16SLOW~1\\ReadmeDash.exe"
"Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Hi Julie.

Please Download NoLop to your desktop from one of the links below...
Link 1 Link 2 Link 3

* First close any other programs you have running as this will require a reboot
* Double click NoLop.exe to run it
* Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>>
* When scanning is finished you will be prompted to reboot only if infected, Click OK
* Now click the "REBOOT" Button.
* A Message should popup from NoLop. If not, double click the program again and it will finish.

Please Post the contents of C:\NoLop.log along with a fresh HijackThis log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
Hi ya, many thanks for your help... sorry for delay, I have lost my welcome screen on aol, can't get onto internet via aol. I am using firefox at mo but pc still not right

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Julie May Clark\Application Data\IDM\DwnlData\Julie May Clark\NoLop_280
[02/03/2007]
[23:42:58]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\ABFD087191CEBB3D.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Cyberlink
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Billeo
C:\Documents and Settings\All Users\Application Data\Ca
C:\Documents and Settings\All Users\Application Data\Comodo
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Datameowballinternet
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Iomatic
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Cyberlink
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\.bittornado
C:\Documents and Settings\Julie May Clark\Application Data\16 Slow
C:\Documents and Settings\Julie May Clark\Application Data\Adobe
C:\Documents and Settings\Julie May Clark\Application Data\Adobeum
C:\Documents and Settings\Julie May Clark\Application Data\Ahead
C:\Documents and Settings\Julie May Clark\Application Data\Aol
C:\Documents and Settings\Julie May Clark\Application Data\Apple Computer
C:\Documents and Settings\Julie May Clark\Application Data\Avant Profiles
C:\Documents and Settings\Julie May Clark\Application Data\Azureus
C:\Documents and Settings\Julie May Clark\Application Data\Bitroll
C:\Documents and Settings\Julie May Clark\Application Data\Bittorrent
C:\Documents and Settings\Julie May Clark\Application Data\Comodo
C:\Documents and Settings\Julie May Clark\Application Data\Cyberlink
C:\Documents and Settings\Julie May Clark\Application Data\Datalayer
C:\Documents and Settings\Julie May Clark\Application Data\Divx
C:\Documents and Settings\Julie May Clark\Application Data\Dmcache
C:\Documents and Settings\Julie May Clark\Application Data\Dvdcss
C:\Documents and Settings\Julie May Clark\Application Data\Foxytunes
C:\Documents and Settings\Julie May Clark\Application Data\Google
C:\Documents and Settings\Julie May Clark\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\Identities
C:\Documents and Settings\Julie May Clark\Application Data\Idm
C:\Documents and Settings\Julie May Clark\Application Data\Ie7pro
C:\Documents and Settings\Julie May Clark\Application Data\Lavasoft
C:\Documents and Settings\Julie May Clark\Application Data\Limewire
C:\Documents and Settings\Julie May Clark\Application Data\Macromedia
C:\Documents and Settings\Julie May Clark\Application Data\Mailwasherpro
C:\Documents and Settings\Julie May Clark\Application Data\Mcafee
C:\Documents and Settings\Julie May Clark\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Julie May Clark\Application Data\Media Player Classic
C:\Documents and Settings\Julie May Clark\Application Data\Microsoft
C:\Documents and Settings\Julie May Clark\Application Data\Mozilla
C:\Documents and Settings\Julie May Clark\Application Data\Msn6
C:\Documents and Settings\Julie May Clark\Application Data\Msninstaller
C:\Documents and Settings\Julie May Clark\Application Data\Netscape
C:\Documents and Settings\Julie May Clark\Application Data\Nokia
C:\Documents and Settings\Julie May Clark\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Julie May Clark\Application Data\Opera
C:\Documents and Settings\Julie May Clark\Application Data\Pc Suite
C:\Documents and Settings\Julie May Clark\Application Data\Pc Tools
C:\Documents and Settings\Julie May Clark\Application Data\Pegasys Inc
C:\Documents and Settings\Julie May Clark\Application Data\Real
C:\Documents and Settings\Julie May Clark\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Julie May Clark\Application Data\Skype
C:\Documents and Settings\Julie May Clark\Application Data\Smart Pc Solutions
C:\Documents and Settings\Julie May Clark\Application Data\Sun
C:\Documents and Settings\Julie May Clark\Application Data\Torrent101
C:\Documents and Settings\Julie May Clark\Application Data\Trojanhunter
C:\Documents and Settings\Julie May Clark\Application Data\Utorrent
C:\Documents and Settings\Julie May Clark\Application Data\Vcdeasy
C:\Documents and Settings\Julie May Clark\Application Data\Viewpoint
C:\Documents and Settings\Julie May Clark\Application Data\Vlc
C:\Documents and Settings\Julie May Clark\Application Data\Webcompiler3
C:\Documents and Settings\Julie May Clark\Application Data\Winpatrol
C:\Documents and Settings\Julie May Clark\Application Data\Yahoo!
C:\Documents and Settings\Julie May Clark\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\16 Slow
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

..enclosed are 2 log files you requested.

Logfile of HijackThis v1.99.1
Scan saved at 08:09:39, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Julie May Clark\My Documents\Downloads\Programs\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
Looks like you've picked up a couple other nasties.

Print this out for reference during the fix as you will be booting into Safe Mode and will not be able to access this site.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Once again thanks for all of your help, I really appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 19:03:53, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL Companion\companion.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - Unknown owner - (no file) SDFix: Version 1.69 Run by Julie May Clark - 03/03/2007 @ 18:37:32.60 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\aax3B.tmp.exe - Deleted C:\WINDOWS\system32\plugin1.dat - Deleted C:\WINDOWS\system32\unsvchosts.lzma - Deleted C:\WINDOWS\system32\winlog.exe - Deleted ADS Check: C:\WINDOWS\system32 No streams found. 
Final Check:

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArtSmall.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Large.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{62F4FC84-0D62-46A6-9302-78402D0106E1}_Small.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Large.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\AlbumArt_{CFB1F260-7F65-44F2-9FDB-696C0BF5A2AB}_Small.jpg
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\desktop.ini
C:\My Downloads\Lionel Richie - Coming Home & Bonus [DVDA 2006] [R&B] [www.file24ever.com]\Folder.jpg
C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\AOL 9.0\aoltray.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\RO8287.tmp.LOG
C:\WINDOWS\system32\RO828C.tmp.LOG
C:\WINDOWS\system32\RO828F.tmp.LOG
C:\WINDOWS\system32\RO8294.tmp.LOG
C:\WINDOWS\system32\RO8297.tmp.LOG
C:\WINDOWS\system32\RO829C.tmp.LOG
C:\WINDOWS\system32\RO829F.tmp.LOG
C:\WINDOWS\system32\RO82A4.tmp.LOG
C:\WINDOWS\system32\RO82A7.tmp.LOG
C:\WINDOWS\system32\RO82AC.tmp.LOG
C:\WINDOWS\system32\RO82AF.tmp.LOG
C:\WINDOWS\system32\RO82B4.tmp.LOG

Add/Remove Programs List:
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) Ace DivX Player Ace Media Player Active@ File Recovery 7.1 Ad-Aware SE Personal Adobe Photoshop 7.0.1 Adobe Shockwave Player Adobe Download Manager 2.2 (Remove Only) AnyDVD AOL Toolbar AOL Uninstaller (Choose which Products to Remove) AOL You've Got Pictures Screensaver AOL Coach Version 1.0(Build:20040229.1 uk) ASPI Rip Advanced Uninstaller PRO 2006 - version 7 AVG 7.5 AVI DivX to DVD SVCD VCD Converter 2.2.0 Azureus 3.0 Azureus Ultra Accelerator BitComet 0.84 Bitcomet Ultra Accelerator BitLord 1.1 BitRoll version 2.1.0.1 BitTornado 0.3.17 BitTorrent 5.0.6 BitTorrent Ultra Accelerator BT Voyager 105 ADSL Modem BT Voyager Modem AOL Test CCleaner (remove only) hex(2):44,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,28,\ Microsoft Windows XP Video Decoder Checkup Utility deskPDF 2.5 Professional Edition DivX Content Uploader DVD Shrink 3.2 Microsoft Office Enterprise 2007 ExtraTorrent Toolbar v1.0 FLV Player 1.3.3 FoxyTunes for Internet Explorer Girls Google Desktop Search Docudesk GPL Ghostscript 8.15 Hauppauge MCE2005 Software Encoder HexDump plug-in for Ad-Aware SE HijackThis 1.99.1 Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 IE7pro Internet Download Manager JukeBox Tools Update Rollup 2 for Windows XP Media
Center Edition 2005 K-Lite Codec Pack 2.85 Standard Lexmark 1200 Series Lexmark 510 Series LimeWire PRO 4.13.0 LSP Explorer plug-in for Ad-Aware SE Magic ISO Maker v5.3 (build 0216) MagicDisc 2.5.74 MailWasher Pro CloneDVD 4.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft Money 2007 Mozilla Firefox (2.0.0.2) MpcStar 1.6 Microsoft Compression Client Pack 1.0 for Windows XP MSN Netscape Browser (remove only) Microsoft National Language Support Downlevel APIs PeerGuardian 2.0 Plato DVD Ripper 5.51 Pop-Up Stopper Free Edition PowerISO PowerTools 12.0 Logitech© Camera Driver RealPlayer Recover My Files RegScrubXP 3.25 SC Net Speed Booster 4.2.0.0 Adobe Flash Player 9 ActiveX Skype 3.0 Motorola SM56 Speakerphone Modem Spamihilator Spybot - Search & Destroy 1.4 Spyware Doctor 4.0 SpywareBlaster v3.5.1 Screensavers Installer Version 2 Learn2 Player (Uninstall Only) Sun(TM) Download Manager 2.0 System Restore Control Tesco internet access dialler Skype add-on for IE Torrent101 version 3.2.0.0 Tweak-SE plug-in for Ad-Aware SE TweakNow RegCleaner Standard Ulead Photo Express 2.0 SE Universal Torrent Accelerator æTorrent VCDEasy Viewpoint Media Player VideoLAN VLC media player 0.8.6a VSPopUp WinAce Archiver WinAVIVideoConverter Windows Live Toolbar WinPatrol 2007 Restore/Remove First WinRAR archiver Windows Live OneCare WinZip Windows Media Connect Microsoft User-Mode Driver Framework Feature Pack 1.5 XoftSpySE XP TCP/IP Repair 1.0 Yahoo! Anti-Spy Yahoo! Toolbar Yahoo! Extras Yahoo! Internet Mail Yahoo! Messenger Yahoo! 
Install Manager Zortam Mp3 Media Studio 6.66 Notifier ESSSONIC Nokia Connectivity Cable Driver netbrdg Popup Blocker (Windows Live Toolbar) Smart Menus (Windows Live Toolbar) ESSPCD AutoUpdate Microsoft Protection Service PowerStarter Google Toolbar for Internet Explorer Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4 TMPGEnc 4.0 XPress Trial Version Google Toolbar for Firefox essvatgt J2SE Runtime Environment 5.0 Update 11 Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Microsoft Windows OneCare Live v1.5.1890.18 Idcrl Install Microsoft Windows OneCare Live AntiSpyware and AntiVirus Mouse Gestures for Internet Explorer Skype Plugin Manager Power2Go 4.0 CR2 Microsoft Windows Journal Viewer iTunes Windows Live Sign-in Assistant Microsoft SQL Server Native Client QuickTime OneCare Advisor (Windows Live Toolbar) Microsoft SQL Server Setup Support Files (English) CardRd81 Microsoft Windows Live OneCare Resources v1.5.1890.18 Windows Live Messenger Map Button (Windows Live Toolbar) Opera 9.10 Microsoft Money Shared Libraries SHASTA VideoSync Media Center Diagnostic Kit ESSBrwr PX Engine PowerDVD Macromedia Flash Player 8 Microsoft Works Microsoft .NET Framework 2.0 MSXML 4.0 SP2 Parser and SDK WinPatrol 2007 Step 2 Windows Live Favorites for Windows Live Toolbar DivX Codec Windows Vista Upgrade Advisor staticcr ESSTOOLS Intel(R) Extreme Graphics 2 Driver DivX Player ESSini Microsoft Software Update for Web Folders (English) 12 Microsoft Office Access MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office InfoPath MUI 
(English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 ESSgui REALTEK Gigabit and Fast Ethernet NIC Driver MP3PowerEncoder VPRINTOL ESScore Windows Defender RealSpeak Solo for UK English Emily Windows Live Outlook Toolbar (Windows Live Toolbar) Apple Software Update PC Connectivity Solution Pando ESSCDBK DivX Converter OfotoXMI CCScore DivX Web Player KSU Microsoft SQL Server VSS Writer Logitech QuickCam Software Windows Live Toolbar Microsoft AutoRoute 2007 Microsoft .NET Framework 1.1 Microsoft Windows OneCare Live v1.5.1890.18 Kodak EasyShare software Nokia PC Suite SFR Google Toolbar for Internet Explorer AusLogics Disk Defrag tooltips CAM Wizard Nero 7 Ultra Edition kgcbase SKINXSDK WIRELESS Realtek AC'97 Audio SVCD2DVD 2.1 DEMO ESSPDock SKIN0001 Finished
HijackThis log looks good.

Can I get you to do me a favor please...

Go here: http://www.virustotal.com/en/indexf.html

And upload this file into the scanner and report back the results...

C:\My old Disk Structure -- 08-02-07 2354\WINDOWS\system32\lss11.exe

Thanks.
Hi, a little while ago, I did a scan with fix ware out and now the file that you asked to be analysed seems to have gone... I have enclosed hijack log to see what you think.

Many thanks
Julie

Logfile of HijackThis v1.99.1
Scan saved at 22:10:40, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\AOL\1172919694\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Julie May Clark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172919694\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IDMan] C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\My old Disk Structure -- 10-02-07 2318\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9747BE69-C6CF-4B22-9C6B-BC52A6F402EE}: NameServer = 205.188.146.145
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
Hmmm... strange.

This O23 from your first log...

O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe

Is usually an indicator of Sysinternals RootKit Revealer having been run. Have you run another application from Sysinternals recently?

I ask because in your latest log it's saying it belongs to Grisoft

O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)

Which isn't right...
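
The comparison made in the reply above, as an added example that is not part of the original thread: it parses the O23 service lines of two HijackThis logs and flags a service whose company field differs between scans, whose image sat in a Temp directory, or which has no file on disk. The function names and the three heuristics are assumptions of this example; the sample lines are the O23 entries quoted in this thread.

```python
import re
from typing import NamedTuple

PREFIX = "O23 - Service: "
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


class Service(NamedTuple):
    name: str      # service name as shown in the log
    company: str   # company field as shown in the log
    image: str     # image path, or "(no file)"


def parse_o23(log_text):
    """Return {service name: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        parts = line[len(PREFIX):].split(" - ")
        if len(parts) < 3:
            continue  # truncated or malformed entry, nothing to compare
        # The company field can itself contain " - " (the Sysinternals line
        # does), so the first field is the name and the last is the image.
        svc = Service(parts[0], " - ".join(parts[1:-1]), parts[-1])
        services[svc.name] = svc
    return services


def review(earlier_log, later_log):
    """Heuristic findings (assumed checks) as (service, code, detail) tuples."""
    before, after = parse_o23(earlier_log), parse_o23(later_log)
    findings = []
    for name, svc in sorted(after.items()):
        old = before.get(name)
        if old and old.company != svc.company:
            findings.append((name, "company-changed",
                             f"{old.company!r} -> {svc.company!r}"))
        for label, entry in (("earlier", old), ("later", svc)):
            if entry and TEMP_DIR.search(entry.image):
                findings.append((name, "temp-image", f"{label}: {entry.image}"))
        if svc.image == "(no file)":
            findings.append((name, "no-file", "service registered, binary missing"))
    return findings


# O23 lines quoted in this thread (first log, then the latest log).
EARLIER_LOG = r"""
O23 - Service: BDMBKZBCJX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\BDMBKZBCJX.exe
"""
LATER_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: BDMBKZBCJX - GRISOFT, s.r.o. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - (no file)
"""

if __name__ == "__main__":
    for name, code, detail in review(EARLIER_LOG, LATER_LOG):
        print(f"{name}: {code} ({detail})")
```

A flagged entry is a prompt to look at the service key and the file, not a verdict; an uninstalled product can leave a "(no file)" service behind.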