Pop-up and background downloading

Discussion in 'Windows - Virus and spyware problems' started by seohioguy, Nov 1, 2008.

  1. seohioguy

    seohioguy Member

    Joined:
    Nov 1, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Hi. Something has been triggering pop-ups and has been trying to download various items through my DAP or Microsoft Office updates. My computer is also running slower than normal. I have tried CCleaner, AVG, Spybot S&D, and Ad-Aware, and they have fixed a few problems but not all. Here is a HijackThis log.


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:05:46, on 11/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\COMMON~1\rsMenu.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {36D92B01-22BC-4FB7-A7AC-C574873FDDBE} - (no file)
    O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll
    O2 - BHO: offersfortoday browser enhancer - {725618A2-4A32-C4D5-5838-E6552EC4FA27} - C:\WINDOWS\system32\etsfukbepl.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
    O2 - BHO: offersfortoday - {97332a54-7f76-654e-c7b7-8e99ab09dc55} - C:\WINDOWS\system32\nskC.dll
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - (no file)
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [zhkcszlkmpnpgspbh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\etsfukbepl.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [xrJNtkfgCF] C:\Documents and Settings\All Users\Application Data\hovidslo\bgdozida.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.2.29/canasta/canasta-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.5.37/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hearts/hearts-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/poppit/poppit-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.30/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.1.20/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-5.9.5.30/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.31/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.5.37/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
    O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
    O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playweb04.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
    O21 - SSODL: wbqxfpgl - {04179648-DC4E-4B85-B62B-07EBE03EE5C7} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 10221 bytes
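Added example, not a tool from this thread or from any program mentioned in it: a small Python triage script that encodes the HijackThis indicators which the later MBAM and ComboFix results in this thread confirmed as malicious (a proxy pointing at localhost, BHO DLLs dropped into system32, a Run entry that re-registers a DLL with regsvr32 /s, an autostart under Policies\Explorer\Run, an orphaned SSODL entry) so a defender can flag them on sight. The rule set and the vowel-ratio heuristic for machine-generated value names are my own assumptions; the sample lines are taken from the log posted above.

```python
import re

# Heuristic triage of HijackThis (HJT) log lines. The rules below are
# assumptions based on the entries that later turned out to be malicious in
# this thread; every hit is a candidate for review, not a verdict.

VOWELS = set("aeiouy")

HEADER = re.compile(r"^\s*([ORFN]\d+)\s+-\s+(.*)$")          # "O4 - <body>"
O4_ENTRY = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)")  # "[name] command"


def looks_random(name: str) -> bool:
    """Long names with almost no vowels (zhkcszlkmpnpgspbh, wbqxfpgl,
    xrJNtkfgCF) are typical of auto-generated autostart value names."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def triage_line(line: str) -> list[str]:
    """Return the reasons a single HJT line deserves attention (empty = none)."""
    m = HEADER.match(line)
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    low = body.lower()
    reasons: list[str] = []

    if section == "R1" and "proxyserver" in low and (
        "localhost" in low or "127.0.0.1" in low
    ):
        reasons.append("IE proxy points at the local machine: a local interception/ad-injection proxy")

    if section == "O2":
        # Last " - " separated field is the DLL path (or "(no file)").
        dll = body.rsplit(" - ", 1)[-1].strip().lower()
        if dll.startswith("c:\\windows\\system32\\"):
            reasons.append("BHO DLL lives in system32; legitimate BHOs normally install under Program Files")

    if section == "O4":
        e = O4_ENTRY.search(body)
        if e:
            name, cmd = e.group("name"), e.group("cmd").lower()
            if "regsvr32" in cmd:
                reasons.append("Run entry re-registers a DLL with regsvr32 /s at every logon")
            if "policies\\explorer\\run" in low:
                reasons.append("autostart via Policies\\Explorer\\Run, which msconfig does not list")
            if "\\application data\\" in cmd:
                reasons.append("executable launched from a data directory")
            if looks_random(name):
                reasons.append(f"value name '{name}' looks machine-generated")

    if section == "O21":
        reasons.append("ShellServiceObjectDelayLoad entry loads silently when Explorer starts")
        ssodl_name = body.split(" - ", 1)[0].split(":", 1)[-1].strip()
        if looks_random(ssodl_name):
            reasons.append(f"SSODL name '{ssodl_name}' looks machine-generated")

    return reasons


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log; returns (line, reasons) for flagged lines."""
    hits = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


# Lines taken from the HijackThis log posted above, trimmed to the relevant ones.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: offersfortoday browser enhancer - {725618A2-4A32-C4D5-5838-E6552EC4FA27} - C:\WINDOWS\system32\etsfukbepl.dll
O2 - BHO: offersfortoday - {97332a54-7f76-654e-c7b7-8e99ab09dc55} - C:\WINDOWS\system32\nskC.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zhkcszlkmpnpgspbh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\etsfukbepl.dll"
O4 - HKLM\..\Policies\Explorer\Run: [xrJNtkfgCF] C:\Documents and Settings\All Users\Application Data\hovidslo\bgdozida.exe
O21 - SSODL: wbqxfpgl - {04179648-DC4E-4B85-B62B-07EBE03EE5C7} - (no file)
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```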
     
  2. seohioguy

    seohioguy Member

    I am now experiencing some sort of corrupted-key type of virus. I am currently running a Kaspersky online scan and I am going to try to run a SmitFraud fixer, which I used before to correct the key-logging program.
     
  3. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi seohioguy

    You are indeed infected.

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects

    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    Post the log here.

    Best Regards :D
     
  4. seohioguy

    seohioguy Member

    Hi again. First of all, thanks for the response. I ran the program and it found the following:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1356
    Windows 5.1.2600 Service Pack 2

    11/2/2008 1:20:53 PM
    mbam-log-2008-11-02 (13-20-53).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 96510
    Time elapsed: 1 hour(s), 17 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 20
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} (Adware.MediaMotor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_offersfortoday (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\vwsrfton.bmaf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\vwsrfton.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{725618a2-4a32-c4d5-5838-e6552ec4fa27} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{725618a2-4a32-c4d5-5838-e6552ec4fa27} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97332a54-7f76-654e-c7b7-8e99ab09dc55} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{97332a54-7f76-654e-c7b7-8e99ab09dc55} (Adware.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zhkcszlkmpnpgspbh (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wbqxfpgl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{F1F30E4F-284F-492F-9D3A-CADF4C4554C7}\RP878\A0221160.dll (Adware.Rotator) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\nsoffersfortoday.dll (Adware.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\etsfukbepl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cont_offersfortoday-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mark\Application Data\TmpRecentIcons\Antivirus-2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nskC.dll (Adware.BHO) -> Quarantined and deleted successfully.
     
  5. cdavfrew

    cdavfrew Regular member

    Hey seohioguy

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  6. seohioguy

    seohioguy Member

    It seems to be running normally now, just slowly. I fear this machine is on its last legs, as I'm at least the 3rd owner and I have no idea where the Windows disk went to, or even if it's valid, so I can't reformat it. Hopefully I can keep it up and running until I can afford to either buy a copy of XP or a new comp.

    Here's the log:
    ComboFix 08-11-03.03 - Mark 2008-11-03 20:04:32.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.432 [GMT -5:00]
    Running from: C:\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
    .

    2008-11-03 19:51 . 2008-11-03 19:52 <DIR> d-------- C:\Combo-Fix
    2008-11-03 19:46 . 2008-11-03 19:51 3,024,507 -ra------ C:\ComboFix.exe
    2008-11-02 15:34 . 2008-11-02 15:34 61,440 --a------ c:\windows\system32\drivers\torvini.sys
    2008-11-02 11:57 . 2008-11-02 11:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-02 11:57 . 2008-11-02 11:57 <DIR> d-------- c:\documents and settings\Mark\Application Data\Malwarebytes
    2008-11-02 11:57 . 2008-11-02 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-02 11:57 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-02 11:57 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-01 12:03 . 2008-11-01 12:03 1,308,216 --a------ C:\HiJackThis_v2.exe
    2008-11-01 11:48 . 2008-11-01 11:48 1,077,632 --a------ C:\RegCureSetup_1501_RW.exe
    2008-10-30 10:37 . 2008-10-30 10:37 190,976 --a------ c:\windows\system32\_etsfukbepl.dll
    2008-10-27 22:50 . 2008-10-27 22:50 <DIR> d-------- C:\SmitfraudFix1
    2008-10-27 22:49 . 2008-10-27 22:49 1,600,064 --a------ C:\SmitfraudFix1.zip
    2008-10-27 19:47 . 2008-10-27 19:48 849,924 --a------ C:\take3.mpg
    2008-10-26 18:25 . 2008-10-26 18:25 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2008-10-26 18:25 . 2008-10-26 18:25 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-10-26 14:54 . 2008-10-26 14:54 <DIR> d-------- C:\Sports Mogul
    2008-10-26 14:54 . 2008-10-26 14:54 13,058,575 --a------ C:\FootballMogul2009demo.exe
    2008-10-26 00:11 . 2008-10-26 00:11 318,369 --a------ C:\HiJackThis.zip
    2008-10-21 18:28 . 2008-10-26 08:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\hovidslo
    2008-10-21 18:27 . 2008-11-01 11:42 77,947 --a------ c:\windows\system32\izkclnvtdugo.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-03 13:57 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2008-11-02 20:34 118 ----a-w c:\program files\vlzrrpuq.txt
    2008-11-02 03:26 3,044 ----a-w c:\windows\system32\tmp.reg
    2008-11-02 02:37 --------- d-----w c:\documents and settings\Mark\Application Data\AVG7
    2008-10-31 00:59 --------- d-----w c:\documents and settings\Mark\Application Data\LimeWire
    2008-10-27 02:35 --------- d-----w c:\program files\MUSICMATCH
    2008-10-27 02:32 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 02:31 --------- d-----w c:\program files\Common Files\RandSync
    2008-10-26 23:12 --------- d-----w c:\program files\Iomega
    2008-09-14 02:05 --------- d-----w c:\documents and settings\Mark\Application Data\Move Networks
    2004-10-09 04:32 2,199 ----a-w c:\program files\uninstal.log
    1999-10-18 19:48 64 ----a-w c:\program files\Common Files\vssver.scc
    1999-03-02 14:17 696,320 ----a-w c:\program files\Common Files\rsMHook.dll
    1999-01-05 17:40 20,480 ----a-w c:\program files\Common Files\rsMenu.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2001-08-23 77891]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2005-03-11 1069056]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
    "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
    "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-16 590848]
    "DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2008-02-03 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-08 113664]
    MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2004-09-10 126976]
    Microsoft Office OneNote 2003 Quick Launch.lnk.disabled [2005-05-20 1812]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "midi2"= rddv1033.dll
    "midi3"= rddv1033.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Harmony 98 - CasioOrg"=c:\progra~1\COMMON~1\RandSync\Translators\CasioOrg\CasAgnt.exe EN
    "LWBKEYBOARD"=c:\program files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    "Enterprise Harmony '99"=c:\progra~1\COMMON~1\rsMenu.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\limewire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

    R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [1999-11-16 4484]
    R2 A4SII300;A4SII300;c:\windows\system32\drivers\A4SII300.SYS [1998-02-26 25632]
    R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2003-07-10 15488]
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2004-08-03 36224]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [ ]
    S3 krdpdre;krdpdre;c:\docume~1\Mark\LOCALS~1\Temp\krdpdre.sys [ ]
    S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2004-02-25 18560]
    S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWAVE.sys [2004-02-25 24320]
    S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2004-03-22 131456]
    S3 RDID1033;Roland RS-70;c:\windows\system32\Drivers\rdwm1033.sys [2003-03-27 43900]
    S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;c:\windows\system32\DRIVERS\USRpdA.sys [2001-08-17 113762]

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Explorer_Run-xrJNtkfgCF - c:\documents and settings\All Users\Application Data\hovidslo\bgdozida.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\3qn7ok9b.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-03 20:06:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    Completion time: 2008-11-03 20:09:32
    ComboFix-quarantined-files.txt 2008-11-04 01:09:13

    Pre-Run: 5,181,415,424 bytes free
    Post-Run: 5,323,788,288 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

     
  7. cdavfrew

    cdavfrew Regular member

    Hey seohioguy

    You are still infected... does AVG detect anything at all?

    Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

    Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

    Configuring SuperAntispyware

    • Click on Preferences.
    • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
    • Navigate to the tab Scanning Control.
    • Make sure only these boxes are checked:
    Code:
    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    Scan Alternate Data Streams
    Use Kernel Direct File Access (recommended)
    Use Kernel Direct Registry Access (recommended)
    Use Direct Disk Access (recommended)
    • Click on Close.

    Updating SuperAntispyware

    • At the main window, click on Check for Updates....
    • Wait for SuperAntispyware to be fully updated.

    Scanning Time

    • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
    • Launch SuperAntispyware.
    • At the main window, click on Scan your Computer....
    • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
    • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
    Reboot your computer.

    Post A Log

    • Launch SuperAntispyware
    • Click on Preferences
    • Navigate to the tab Statistics/Logs.
    • Choose the latest scan log, and then click on View Log....
    Copy and paste the contents of the log here in your next post.

    Best Regards :D
     
    Last edited: Nov 4, 2008
  8. seohioguy

    seohioguy Member

    Joined:
    Nov 1, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Wasn't able to get it in safe mode. Here is the log I was able to generate.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/10/2008 at 09:29 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3629
    Trace Rules Database Version: 1613

    Scan type : Complete Scan
    Total Scan Time : 01:18:37

    Memory items scanned : 360
    Memory threats detected : 0
    Registry items scanned : 5109
    Registry threats detected : 7
    File items scanned : 48159
    File threats detected : 79

    Adware.Tracking Cookie
    C:\Documents and Settings\Mark\cookies\mark@axxessads.valuead[1].txt
    C:\Documents and Settings\Mark\cookies\mark@adopt.specificclick[2].txt
    C:\Documents and Settings\Mark\cookies\mark@reduxmedia[1].txt
    C:\Documents and Settings\Mark\cookies\mark@harrenmedianetwork[1].txt
    C:\Documents and Settings\Mark\cookies\mark@media.ntsserve[1].txt
    C:\Documents and Settings\Mark\cookies\mark@serv.clicksor[3].txt
    C:\Documents and Settings\Mark\cookies\mark@adserver.easyad[3].txt
    C:\Documents and Settings\Mark\cookies\mark@adserver.adtechus[1].txt
    C:\Documents and Settings\Mark\cookies\mark@www.safewebnavigate2008[2].txt
    C:\Documents and Settings\Mark\cookies\mark@protect.trustedantivirus[2].txt
    C:\Documents and Settings\Mark\cookies\mark@doubleclick[1].txt
    C:\Documents and Settings\Mark\cookies\mark@atlas.entrepreneur[2].txt
    C:\Documents and Settings\Mark\cookies\mark@trafficmp[2].txt
    C:\Documents and Settings\Mark\cookies\mark@yadro[1].txt
    C:\Documents and Settings\Mark\cookies\mark@cfusion[1].txt
    C:\Documents and Settings\Mark\cookies\mark@rotator.its.adjuggler[1].txt
    C:\Documents and Settings\Mark\cookies\mark@cgi-bin[2].txt
    C:\Documents and Settings\Mark\cookies\mark@interclick[1].txt
    C:\Documents and Settings\Mark\cookies\mark@adbrite[1].txt
    C:\Documents and Settings\Mark\cookies\mark@crackle[1].txt
    C:\Documents and Settings\Mark\cookies\mark@specificclick[1].txt
    C:\Documents and Settings\Mark\cookies\mark@questionmarket[4].txt
    C:\Documents and Settings\Mark\cookies\mark@media6degrees[2].txt
    C:\Documents and Settings\Mark\cookies\mark@ad.zanox[2].txt
    C:\Documents and Settings\Mark\cookies\mark@ad.convertsmart[1].txt
    C:\Documents and Settings\Mark\cookies\mark@serving-sys[2].txt
    C:\Documents and Settings\Mark\cookies\mark@scan.antispyware-free-scanner[1].txt
    C:\Documents and Settings\Mark\cookies\mark@ads.pointroll[2].txt
    C:\Documents and Settings\Mark\cookies\mark@www.burstbeacon[1].txt
    C:\Documents and Settings\Mark\cookies\mark@chitika[2].txt
    C:\Documents and Settings\Mark\cookies\mark@sxp.hitmngr[1].txt
    C:\Documents and Settings\Mark\cookies\mark@publishers.clickbooth[2].txt
    C:\Documents and Settings\Mark\cookies\mark@zedo[2].txt
    C:\Documents and Settings\Mark\cookies\mark@ad.yieldmanager[2].txt
    C:\Documents and Settings\Mark\cookies\mark@1152[2].txt
    C:\Documents and Settings\Mark\cookies\mark@lotsofads.smilingtraffic[1].txt
    C:\Documents and Settings\Mark\cookies\mark@mediaplex[1].txt
    C:\Documents and Settings\Mark\cookies\mark@scan.antispyware2008scanner[1].txt
    C:\Documents and Settings\Mark\cookies\mark@insightexpressai[1].txt
    C:\Documents and Settings\Mark\cookies\mark@azjmp[1].txt
    C:\Documents and Settings\Mark\cookies\mark@virusremover2008[2].txt
    C:\Documents and Settings\Mark\cookies\mark@indiads[1].txt
    C:\Documents and Settings\Mark\cookies\mark@a.websponsors[1].txt
    C:\Documents and Settings\Mark\cookies\mark@ads.addynamix[2].txt
    C:\Documents and Settings\Mark\cookies\mark@atwola[3].txt
    C:\Documents and Settings\Mark\cookies\mark@bestsecureexpertcleaner[2].txt
    C:\Documents and Settings\Mark\cookies\mark@realmedia[2].txt
    C:\Documents and Settings\Mark\cookies\mark@advertising[3].txt
    C:\Documents and Settings\Mark\cookies\mark@banner_js[1].txt
    C:\Documents and Settings\Mark\cookies\mark@media-servers[1].txt
    C:\Documents and Settings\Mark\cookies\mark@ads.imarketservices[1].txt
    C:\Documents and Settings\Mark\cookies\mark@pcvirusremover2008[2].txt
    C:\Documents and Settings\Mark\cookies\mark@ads.realtechnetwork[1].txt
    C:\Documents and Settings\Mark\cookies\mark@myroitracking[1].txt
    C:\Documents and Settings\Mark\cookies\mark@windowsmedia[1].txt
    C:\Documents and Settings\Mark\cookies\mark@yieldmanager[2].txt
    C:\Documents and Settings\Mark\cookies\mark@www.burstnet[1].txt
    C:\Documents and Settings\Mark\cookies\mark@adjuggler[2].txt
    C:\Documents and Settings\Mark\cookies\mark@www.macromedia[2].txt
    C:\Documents and Settings\Mark\cookies\mark@fastclick[1].txt
    C:\Documents and Settings\Mark\cookies\mark@247realmedia[2].txt
    C:\Documents and Settings\Mark\cookies\mark@bannerconnect[1].txt
    C:\Documents and Settings\Mark\cookies\mark@apmebf[2].txt
    C:\Documents and Settings\Mark\cookies\mark@servedby.adxpower[1].txt
    C:\Documents and Settings\Mark\cookies\mark@bs.serving-sys[1].txt
    C:\Documents and Settings\Mark\cookies\mark@2o7[1].txt
    C:\Documents and Settings\Mark\cookies\mark@free.wegcash[1].txt
    C:\Documents and Settings\Mark\cookies\mark@personalantispy[2].txt
    C:\Documents and Settings\Mark\cookies\mark@adknowledge[2].txt
    C:\Documents and Settings\Mark\cookies\mark@gomyhit[1].txt
    C:\Documents and Settings\Mark\cookies\mark@adecn[2].txt
    C:\Documents and Settings\Mark\cookies\mark@atdmt[2].txt
    C:\Documents and Settings\Mark\cookies\mark@adopt.euroclick[1].txt
    C:\Documents and Settings\Mark\cookies\mark@specificmedia[1].txt
    C:\Documents and Settings\Mark\cookies\mark@pcprivacycleaner[2].txt
    C:\Documents and Settings\Mark\cookies\mark@revsci[2].txt

    Adware.MyWebSearch/FunWebProducts
    HKU\.DEFAULT\SOFTWARE\Fun Web Products
    HKU\S-1-5-19\SOFTWARE\Fun Web Products
    HKU\S-1-5-19_Classes\SOFTWARE\Fun Web Products
    HKU\S-1-5-20\SOFTWARE\Fun Web Products
    HKU\S-1-5-20_Classes\SOFTWARE\Fun Web Products
    HKU\S-1-5-21-790525478-813497703-1202660629-1003_Classes\SOFTWARE\Fun Web Products
    HKU\S-1-5-18\SOFTWARE\Fun Web Products

    Adware.Vundo/Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F30E4F-284F-492F-9D3A-CADF4C4554C7}\RP879\A0221203.DLL
    C:\WINDOWS\SYSTEM32\_ETSFUKBEPL.DLL

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\IZKCLNVTDUGO.EXE
     
  9. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey seohioguy

    Please post a new HijackThis log, and tell me what problems you have left.

    Follow these instructions for an updated HijackThis:

    Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.

    Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

    Rename HijackThis(.exe) to scanner(.exe).

    Next, run scanner(.exe). A window will pop up.

    • Click on the button which says Main Menu, then Do a system scan and save a logfile.
    • Please wait for the scan to be completed.
    • After the scan has completed, a text window will pop up. Please post the contents of this window here.

    This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

    NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

    Best Regards :D
     
  10. seohioguy

    seohioguy Member

    Joined:
    Nov 1, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Here ya go, thanks again for all the help.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:59:32, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.2.29/canasta/canasta-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.5.37/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hearts/hearts-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/poppit/poppit-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.30/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.1.20/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-5.9.5.30/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.31/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.5.37/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
    O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
    O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 9478 bytes
     
  11. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey seohioguy

    Please run HijackThis.

    • Click on the button which says Main Menu, then Do a system scan only.
    • Please wait for the scan to be completed.
    • After the scan has completed, check the following entries.

    Code:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local> 
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    Click on the button Fix checked

    NOTE: Close all browsers before fixing anything.

    Any problems left?

    Best Regards :D
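    The two kinds of entry cdavfrew asks to fix above (the R1 proxy lines pointing at localhost:8080 and the O3 toolbar with "(no file)" behind it) can be picked out of a HijackThis log automatically. The script below is an added example for readers of this thread; it is not part of HijackThis, SUPERAntiSpyware or anything posted here. It assumes the line formats shown in the log above (R1 "key,name = value" lines and O2/O3 "kind: label - {CLSID} - path" lines) and uses a few lines copied from that log, plus one benign R1 line as a control, as constructed sample input. A ProxyServer value that points at the local machine is flagged because it is worth verifying whenever no proxy software was installed on purpose; "(no file)" entries are flagged as cleanup candidates, since they are usually leftovers of uninstalled software rather than active code.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis
or forum tool).  It flags two classes of entry that the thread above asks the
user to fix: an IE proxy pointed at the local machine, and O2/O3 entries whose
registered CLSID no longer maps to a file on disk."""
import re
from typing import Dict, List

# Loopback names an IE ProxyServer value would use to point at the local machine.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# R1 lines look like: R1 - <registry key>,<value name> = <value>
R1_RE = re.compile(r"^R1 - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# O2 (browser helper object) and O3 (toolbar) lines share one shape.
O23_RE = re.compile(
    r"^O(?P<num>[23]) - (?P<kind>BHO|Toolbar): (?P<label>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)

# Constructed sample: lines taken from the HijackThis log posted in this thread,
# plus a benign R1 "Search Page" line as a control that must not be flagged.
SAMPLE_LOG = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll",
    r"O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)",
    r"O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)",
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
]


def proxy_hosts(value: str) -> List[str]:
    """Extract host names from an IE ProxyServer value such as
    'http=localhost:8080;https=proxy.example:3128' or a plain 'host:port'."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        # Strip an optional 'proto=' prefix, then the ':port' suffix.
        host_port = part.split("=", 1)[1] if "=" in part else part
        host = host_port.rsplit(":", 1)[0] if ":" in host_port else host_port
        hosts.append(host.lower())
    return hosts


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line.  Rules:
    LOCAL_PROXY     - R1 ProxyServer whose host is a loopback address.
    PROXY_COMPANION - R1 ProxyOverride seen in the same log as a LOCAL_PROXY
                      finding; the override list belongs to that proxy setting
                      and is cleaned together with it.
    ORPHAN_CLSID    - O2/O3 entry registered with '(no file)' behind it."""
    findings: List[Dict[str, str]] = []
    override_lines: List[str] = []
    local_proxy_seen = False

    for raw in lines:
        line = raw.strip()
        m = R1_RE.match(line)
        if m:
            name = m.group("name").strip()
            hosts = proxy_hosts(m.group("value")) if name == "ProxyServer" else []
            if any(h in LOOPBACK_HOSTS for h in hosts):
                findings.append({"rule": "LOCAL_PROXY", "line": line})
                local_proxy_seen = True
            elif name == "ProxyOverride":
                override_lines.append(line)
            continue
        m = O23_RE.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append({"rule": "ORPHAN_CLSID", "line": line})

    if local_proxy_seen:
        findings.extend({"rule": "PROXY_COMPANION", "line": l} for l in override_lines)
    return findings


def rule_counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise findings as {rule: count} for a quick read of a log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:16} {f['line']}")
    print(rule_counts(triage(SAMPLE_LOG)))
```

    Run it against a saved hijackthis.txt by reading the file into a list of lines and passing it to triage(); the O4, O16 and O23 sections are deliberately left alone, because deciding whether a startup item or service is legitimate needs the file on disk and a signature check, not just the log line.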
     
