i dont kno wut happened but my computer just got destroyed lol. please help me. Logfile of HijackThis v1.99.1 Scan saved at 12:57:54 AM, on 8/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe c:\boot.inx C:\Program Files\America Online 9.0\waol.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Documents and Settings\JoEy ZuCcZ\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atribune.org/ccount/click.php?id=4 R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\papypy.exe reg_run O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe O4 - HKLM\..\Run: [455f15e.exe] C:\WINDOWS\system32\455f15e.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [455f15e.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\455f15e.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O20 - AppInit_DLLs: repairs303169590.dll O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\en0ml1d11.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9FeSBadUNjWg\command.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
i dont kno wut happened, i was messing around with it and itz better now i think, heres the new log file. Logfile of HijackThis v1.99.1 Scan saved at 1:39:06 AM, on 8/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\Sm9FeSBadUNjWg\command.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\JoEy ZuCcZ\Desktop\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\k4js0e17eh.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9FeSBadUNjWg\command.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
Logfile of HijackThis v1.99.1 Scan saved at 11:05:45 AM, on 8/17/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\JoEy ZuCcZ\Desktop\scan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\k662lgjo16oc.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
download Look2Me-Destroyer.exe and save it to your desktop. http://www.atribune.org/ccount/click.php?id=7 Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown. Turn your computer back on. Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log. If Look2Me-Destroyer does not reopen automatically, reboot and try again. If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. http://www.ascentive.com/support/new...b/MSWINSCK.OCX
Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 8/18/2006 12:23:03 PM Infected! C:\WINDOWS\system32\k662lgjo16oc.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0031061.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032086.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032124.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032134.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032147.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032153.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032160.dll Infected! C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032161.dll Infected! C:\WINDOWS\system32\d2j0lc1m1f.dll Infected! C:\WINDOWS\system32\EXECioCtl.dll Infected! C:\WINDOWS\system32\ftntext.dll Infected! C:\WINDOWS\system32\h20q0cd5ef0.dll Infected! C:\WINDOWS\system32\htcoin.dll Infected! C:\WINDOWS\system32\k662lgjo16oc.dll Infected! C:\WINDOWS\system32\l4r00e9meh.dll Infected! C:\WINDOWS\system32\sjrmdll.dll Infected! C:\WINDOWS\system32\swlwid.dll Infected! C:\WINDOWS\system32\TIBWLS.dll Infected! C:\WINDOWS\system32\waaueng1.dll Infected! C:\WINDOWS\system32\wtvcore.dll Infected! C:\WINDOWS\system32\guard.tmp Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\k662lgjo16oc.dll C:\WINDOWS\system32\k662lgjo16oc.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0031061.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0031061.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032086.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032086.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032124.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032124.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032134.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032134.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032147.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032147.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032153.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032153.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032160.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032160.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032161.dll C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP115\A0032161.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\d2j0lc1m1f.dll C:\WINDOWS\system32\d2j0lc1m1f.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\EXECioCtl.dll C:\WINDOWS\system32\EXECioCtl.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\ftntext.dll C:\WINDOWS\system32\ftntext.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\h20q0cd5ef0.dll C:\WINDOWS\system32\h20q0cd5ef0.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\htcoin.dll C:\WINDOWS\system32\htcoin.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\k662lgjo16oc.dll C:\WINDOWS\system32\k662lgjo16oc.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\l4r00e9meh.dll C:\WINDOWS\system32\l4r00e9meh.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\sjrmdll.dll C:\WINDOWS\system32\sjrmdll.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\swlwid.dll C:\WINDOWS\system32\swlwid.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\TIBWLS.dll C:\WINDOWS\system32\TIBWLS.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\waaueng1.dll C:\WINDOWS\system32\waaueng1.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\wtvcore.dll C:\WINDOWS\system32\wtvcore.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E09A398F-C34A-4ECF-A263-6DEDF493621F}" HKCR\Clsid\{E09A398F-C34A-4ECF-A263-6DEDF493621F} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{44815C4E-6DAA-4B82-B427-E9ECABCF228B}" HKCR\Clsid\{44815C4E-6DAA-4B82-B427-E9ECABCF228B} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{16A32751-A55F-4213-846F-7024CD14F92D}" HKCR\Clsid\{16A32751-A55F-4213-846F-7024CD14F92D} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F5830087-588D-4F9A-9ED1-82DF328AAE62}" HKCR\Clsid\{F5830087-588D-4F9A-9ED1-82DF328AAE62} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{547FB713-775E-44C2-8A65-30A96506B79E}" HKCR\Clsid\{547FB713-775E-44C2-8A65-30A96506B79E} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded __________________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 12:29:15 PM, on 8/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\JoEy ZuCcZ\Desktop\scan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
Click here to download ATF Cleaner by Atribune and save it to your desktop. http://majorgeeks.com/ATF_Cleaner_d4949.html * Double-click ATF-Cleaner.exe to run the program. * Under Main choose: Select All * Click the Empty Selected button. o If you use Firefox: + Click Firefox at the top and choose: Select All + Click the Empty Selected button. + NOTE: If you would like to keep your saved passwords, please click No at the prompt. o If you use Opera: + Click Opera at the top and choose: Select All + Click the Empty Selected button. + NOTE: If you would like to keep your saved passwords, please click No at the prompt. * Click Exit on the Main menu to close the program. In normal mode Run ActiveScan online virus scan: http://www.pandasoftware.com/products/activescan.htm When the scan is finished, save the results from the scan!! Come back here and post a new Hijack This log along with the logs from the Panda scan.
the panda thing found nothing. Logfile of HijackThis v1.99.1 Scan saved at 3:47:41 PM, on 8/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AOL\1139523301\ee\aolsoftware.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\JoEy ZuCcZ\Desktop\scan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{684E6EA9-4FDA-42AC-9B4D-B1FF185440AB}: NameServer = 205.188.146.145 O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
