Someone please help me!!!
roxygrly1431
3 Nov 2006, 12:58am
Hello all.
So here's the problem.
My computer has so much spyware and junk on it, that I can't navigate through a single web page without at least three pop up windows, well, popping up.
I've run Ad-Aware several times in the past to try and fix the problem, but it doesn't do much.
I know one of the problems is winpro2006, (or something similar to that), because I get endless pop-ups from them. ALSO, recently, a toolbar (VS toolbar, I think) has shown up, unexplained, and won't leave. :)
My computer is so bogged down from all this junk. I did download all the programs, ran all the scans, and have all of my logs handy. :) If anyone can help me out, I would GREATLY appreciate it!! I have a cable modem, and my computer runs like dialup from 95. :)
I did the ActiveScan, Kaspersky, and Panda, and was able to save all the logs, except for the Panda.
When it finished, I went to save the log file, and go figure, my computer froze up on me. I didn't have the patience to run another 2.5 hour scan. :)
The Kaspersky log file was WAY too long for me to post, but if it will be of any help, I can provide the results.
THANKS SO MUCH!!!
---------------------------------------------------
HiJack this log...
---------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:44:18 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton\navapsvc.exe
C:\Program Files\Norton\AdvTools\NPROTECT.EXE
C:\Program Files\Norton\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton\NavShExt.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\NavShExt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c420.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--------------------------------------------------------
Active scan log
---------------------------------------------------------
Incident Status Location
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[server.iad.liveperson.net/hc/31953349]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@com[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@realmedia[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@trafficmp[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@www.myaffiliateprogram[2].txt
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Shannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\Cache\B23E4567d01
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[www.winantivirus.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[.fastclick.net/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-18022163-75b07a18.zip[Dummy.class]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\Cache\004982A7d01
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\Cache\069CD5C0d01
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Tim\Local Settings\Temp\ZangoToolbarInstaller.exe[ZangoInstaller.exe]
Adware:Adware/Trymedia Not disinfected C:\Downloads\PrisonTycoonSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\WormsArmageddon-dm[1].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Adware:adware/ncase Not disinfected C:\temp\salmau.dat
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\aopnjvti.exe
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\awvvs.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\baondxjb.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\cnohdnym.exe
Adware:Adware/Popuper Not disinfected C:\WINDOWS\SYSTEM32\dbeeogmo.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\dimidpbh.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\djbvsswk.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\egpmahlt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\fxxdgbhq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ihkartxe.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\ioujjgpb.exe
Virus:Trj/ChampMailer.C Disinfected C:\WINDOWS\SYSTEM32\ithmjfyj.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\jtoqynwk.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\jxvxfwik.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\kabkggof.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\komapgyc.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\lhcurvqp.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\lnxyphrl.exe
Adware:Adware/Popuper Not disinfected C:\WINDOWS\SYSTEM32\mskwpdxf.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\nixgsnpk.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\ofmagxam.exe
Adware:Adware/StartPage.AIW Not disinfected C:\WINDOWS\SYSTEM32\pmnnk.dll
Adware:Adware/Popuper Not disinfected C:\WINDOWS\SYSTEM32\qivmofjd.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\rbuyfxgh.exe
Adware:Adware/Popuper Not disinfected C:\WINDOWS\SYSTEM32\rqifajuv.exe
Virus:Trj/ChampMailer.C Disinfected C:\WINDOWS\SYSTEM32\rvohewbh.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\sclhcmcb.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\uhyuvdru.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\vlnkbgrm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\vtutr.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\xnijsvlq.exe
Hi roxygrly1431, welcome to Short-Media Forums!
I need you to do some things for me please:
Step 1
I would like to see another log from HijackThis. Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your next post.
Step 2
I need you to scan a file
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\WINDOWS\system32\hnebwxex.dll
Click on the submit button
Please post the results in your next reply.
Step 3
Post the Uninstall list, along with the scan results back here.
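Added example, not part of the thread and not HijackThis's own code: a small Python triage pass over the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis 1.99.1 log like the one posted above. It lists DLLs registered under more than one CLSID, DLLs that appear both as a BHO and as a Winlogon Notify entry, and Notify entries marked "(file missing)". The heuristics and all function names are assumptions of this example, not the helper's stated method; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton\NavShExt.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
"""

Entry = namedtuple("Entry", "section name clsid path missing")

# Both line types end with a file path and an optional "(file missing)" marker.
_TAIL = r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - " + _TAIL
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - " + _TAIL)


def parse_entries(log_text):
    """Return Entry tuples for every O2 and O20 line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # CLSIDs are case-insensitive; the log mixes upper and lower hex.
            entries.append(Entry("O2", m["name"], m["clsid"].upper(),
                                 m["path"], m["missing"] is not None))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(Entry("O20", m["name"], None,
                                 m["path"], m["missing"] is not None))
    return entries


def _dll(path):
    # Simplification (assumption): compare by lower-cased file name only,
    # because some O20 lines carry a bare file name with no directory.
    return ntpath.basename(path).lower()


def triage(entries):
    """Group the parsed entries into three review lists."""
    clsids_by_dll = defaultdict(set)
    notify_dlls = set()
    missing_notify = []
    for e in entries:
        if e.section == "O2":
            clsids_by_dll[_dll(e.path)].add(e.clsid)
        else:
            notify_dlls.add(_dll(e.path))
            if e.missing:
                missing_notify.append(e.name)
    return {
        # One DLL registered as a BHO under several distinct CLSIDs.
        "multi_clsid": {d: len(c) for d, c in clsids_by_dll.items() if len(c) > 1},
        # Same DLL loaded by the browser and by Winlogon.
        "bho_and_notify": sorted(set(clsids_by_dll) & notify_dlls),
        # Registry entries whose file is no longer on disk.
        "missing_notify": missing_notify,
    }


if __name__ == "__main__":
    for key, value in triage(parse_entries(SAMPLE_LOG)).items():
        print(key, value)
```

These lists only prioritise what to submit to a scanner or look up; they do not by themselves establish that a file is malicious.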
roxygrly1431
4 Nov 2006, 1:06am
First off.. Thanks so much for your quick reply :)
I followed your instructions, and here is my hijackthis uninstall log.
Underneath that, you will find the results to the online malware scan.
I noticed in the uninstall log it shows a program called Theme Hospital. That is a game I downloaded, which I think may have given me a virus. I've tried to delete it before under add/remove programs, but it won't delete all of the components.
----------------------------------------
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Photoshop 7.0
AOL Instant Messenger
AVG Free Edition
CC_ccStart
ccCommon
Dell Digital Jukebox Driver
Dell Media Experience
Dell Photo Printer 720
Dell Solution Center
Dell Support
DivX
FinePixViewer Ver.3.2
Fruity Loops 3 Full Final
FUJIFILM USB Driver
Greetings Workshop
GSM Multifund DLL + OCX Pack v.1
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
ImageMixer VCD for FinePix
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iPod for Windows 2005-10-12
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Lexmark X74-X75
LimeWire 4.10.9
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
MicroStaff WINASPI
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.5)
MSN Messenger 7.5
MSRedist
Norton AntiVirus 2004 Professional
Norton AntiVirus 2004 Professional (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
QuickTime
RealPlayer
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Symantec Script Blocking Installer
SymNet
Theme Hospital
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VSAdd-in for Internet Explorer
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 12
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
ZoneAlarm
-----------------------------------
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: hnebwxex.dll
Status: INFECTED/MALWARE
MD5 5d22f508f79da8e1e2893c38dd585312
Packers detected: -
Scanner results
AntiVir Found Heuristic/Crypted (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found MemScan:Trojan.BHO.D
ClamAV Found nothing
Dr.Web Found Adware.Hotbot
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Vundo.gen1
VirusBuster Found nothing
VBA32 Found nothing
>>>>
This was what showed up near the bottom of the malware scan screen...
Scanner Malware name
AntiVir Heuristic/Crypted
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
VirusBuster X
VBA32 X
I hope that helps, and THANKS SO MUCH AGAIN!!! :)
Hi roxygrly1431! Before we continue with the fix, can I ask you to scan C:\WINDOWS\system32\hnebwxex.dll again, but at another website?
Please go to VirusTotal (www.virustotal.com/)
Copy and paste the following file path into the Search Box at the top of the page:
C:\WINDOWS\system32\hnebwxex.dll
Click on the Send button
Please post the results in your next reply.
Thanks! :)
roxygrly1431
4 Nov 2006, 6:58pm
OK.. here's the results of the other new scan I was told to do.
Hope this helps :)
STATUS: FINISHED
Complete scanning result of "hnebwxex.dll_", received in VirusTotal at 11.04.2006, 18:50:30 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 HEUR/Crypted
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.03.2006 no virus found
BitDefender 7.2 11.04.2006 MemScan:Trojan.BHO.D
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 no virus found
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 Vundo!tr
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 Vundo
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 W32/Vundo.gen1
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 Virtumundo
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 no virus found
VBA32 3.11.1 11.04.2006 no virus found
VirusBuster 4.3.15:9 11.04.2006 no virus found
Aditional Information
File size: 122900 bytes
MD5: 5d22f508f79da8e1e2893c38dd585312
SHA1: f313db5fb8b49f4dad3afdea557afc9e30c89395
packers: PECRYPT
packers: Dot_newsec
Thanks again :)
Thanks roxygrly1431 for doing that.
You're running TWO anti-virus programs (AVG and Norton). This is not a good idea, as TWO anti-virus programs can conflict and cause problems. You need to uninstall one from Add/Remove programs.
_________________________
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VSAdd-in for Internet Explorer
_________________________
Run HijackThis and click on Open the Misc Tools section.
Click on Open Uninstall Manager
Find Theme Hospital and click on Delete this entry on the right
_________________________
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
roxygrly1431
5 Nov 2006, 4:28pm
Ok I did everything. I was able to find both viewpoint programs, and the vs toolbar, and I got rid of them.
I ran vundo, and that got rid of some stuff too.
Also, when going through the most recent hijack this log, I noticed a couple programs on there:
systemdr
winantivirus
winantiviruspro
All of these were in the same area of the log. Most of the pop-ups I get are generated from winpro. So I thought maybe those might be something I should look at?
Also, I thought I read somewhere that systemdr is an antispyware/virus program that itself is spyware.
I could be mistaken.
Thanks again,
Shannon
Here's my new log
------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:25:16 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Local Page =
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Inte
rnet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) -
{6355FE44-F11F-43DF-87F3-F24B754F9073} -
C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) -
{BB62073C-E9B8-4583-87AA-E841ACE1DACb} -
C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: MSEvents Object -
{CE70731D-F28D-4D81-9D61-C8EE60378401} -
C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) -
{F18F04B0-9CF1-4b93-B004-77A288BEE28B} -
C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) -
{F745E180-8911-4EC3-AA48-5440E646B8Af} -
C:\WINDOWS\system32\hnebwxex.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program
Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program
Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program
Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program
Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate]
"C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program
Files\LimeWire\LimeWire.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program
Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AIM Search -
res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender
Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player -
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html
(file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone:
http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_uni
code.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/CDT/ie/bridge-c42
0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/osc
an8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} -
http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asi
nst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} -
http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF
.en-US-AIM.9.5.1.7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/instal
ls/suite/yautocomplete.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll
(file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file
missing)
O20 - Winlogon Notify: pmnno -
C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll
(file missing)
O23 - Service: Automatic LiveUpdate Scheduler -
Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt)
- GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon)
- Zone Labs, LLC -
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
AND the vundofix log
----------------------------------
VundoFix V6.2.6
Checking Java version...
Java version is 1.4.2.3
Java version is 1.5.0.3
Scan started at 9:56:58 AM 11/5/2006
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\awvvs.dll
C:\WINDOWS\SYSTEM32\svvwa.ini
C:\WINDOWS\SYSTEM32\svvwa.bak1
C:\WINDOWS\SYSTEM32\svvwa.bak2
C:\WINDOWS\SYSTEM32\svvwa.ini2
C:\WINDOWS\SYSTEM32\vtutr.dll
C:\WINDOWS\SYSTEM32\egpmahlt.exe
C:\WINDOWS\SYSTEM32\jxvxfwik.exe
C:\WINDOWS\SYSTEM32\vlnkbgrm.exe
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\SYSTEM32\svvwa.ini
C:\WINDOWS\SYSTEM32\svvwa.bak1
C:\WINDOWS\SYSTEM32\svvwa.bak2
C:\WINDOWS\SYSTEM32\svvwa.ini2
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini2
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\awvvs.dll
C:\WINDOWS\SYSTEM32\awvvs.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\svvwa.ini
C:\WINDOWS\SYSTEM32\svvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\svvwa.bak1
C:\WINDOWS\SYSTEM32\svvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\svvwa.bak2
C:\WINDOWS\SYSTEM32\svvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\svvwa.ini2
C:\WINDOWS\SYSTEM32\svvwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\vtutr.dll
C:\WINDOWS\SYSTEM32\vtutr.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\egpmahlt.exe
C:\WINDOWS\SYSTEM32\egpmahlt.exe Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\jxvxfwik.exe
C:\WINDOWS\SYSTEM32\jxvxfwik.exe Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\vlnkbgrm.exe
C:\WINDOWS\SYSTEM32\vlnkbgrm.exe Has been deleted!
Performing Repairs to the registry.
Done!
Those entries you saw are in your Trusted Zone in Internet Explorer. We'll remove them soon.
Your HijackThis log is hard to read with all those spaces. Could you run another scan, but this time, when Notepad opens, make sure Word Wrap is not checked under the Format tab. Post a new log please. :)
roxygrly1431
5 Nov 2006, 4:50pm
Alright.. there we go. :)
Hope this is better.
Shannon
Logfile of HijackThis v1.99.1
Scan saved at 10:51:44 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c420.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Thanks for that, roxygrly1431! :)
Lets continue:
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Do not use it yet!
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
___________________________________
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...ridge-c420.cab
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll (file missing)
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
___________________________________
You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
Once in Safe Mode:
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
___________________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
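An added example, not part of the thread and not HijackThis's own code: it rejoins a log that Notepad's Word Wrap split across lines (the problem raised earlier in the thread) and then flags the kinds of O2, O15 and O20 entries that were selected for fixing above. The rule names, the wrap-column inference and the heuristics are assumptions made for illustration; they cover only part of the selected entries and only mark lines for human review.

```python
import re
from collections import defaultdict

# Excerpt of the word-wrapped log posted in this thread (O2/O15/O16/O20 lines).
SAMPLE_WRAPPED = r"""
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) -
{6355FE44-F11F-43DF-87F3-F24B754F9073} -
C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) -
{BB62073C-E9B8-4583-87AA-E841ACE1DACb} -
C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: MSEvents Object -
{CE70731D-F28D-4D81-9D61-C8EE60378401} -
C:\WINDOWS\system32\awvvs.dll (file missing)
O15 - Trusted Zone: http://*.systemdoctor.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/CDT/ie/bridge-c42
0.cab
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljge - mljge.dll (file
missing)
"""

ENTRY = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")  # section code that starts an entry
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
TRUSTED = re.compile(r"^O15 - Trusted (?:Zone|IP range): \S+$")
SYS32_DLL = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)
MISSING = " (file missing)"


def unwrap_entries(text, width=None):
    """Rejoin entries that Word Wrap split across several physical lines."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    if width is None:
        # Assumption: the longest physical line sits at the wrap column.
        width = max((len(l) for l in lines), default=0)
    entries, prev = [], ""
    for line in lines:
        if ENTRY.match(line):
            entries.append(line)
        elif entries:
            # A full-width line without spaces was cut in the middle of a
            # path or URL, so join directly; otherwise the break replaced
            # a space that has to be restored.
            mid_token = len(prev) == width and " " not in prev
            entries[-1] += ("" if mid_token else " ") + line
        prev = line
    return entries


def split_missing(path):
    """Return (path, True) when HijackThis appended '(file missing)'."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)], True
    return path, False


def triage(entries):
    """Return (rule, entry) pairs worth a closer look; not a verdict."""
    findings = []
    clsids_by_dll = defaultdict(set)
    for entry in entries:
        bho = BHO.match(entry)
        notify = NOTIFY.match(entry)
        if bho:
            path, missing = split_missing(bho["path"])
            clsids_by_dll[path.lower()].add(bho["clsid"].upper())
            if missing:
                findings.append(("bho-file-missing", entry))
            elif bho["name"] == "(no name)" and SYS32_DLL.match(path):
                findings.append(("bho-unnamed-system32", entry))
        elif notify and split_missing(notify["path"])[1]:
            findings.append(("notify-file-missing", entry))
        elif TRUSTED.match(entry):
            findings.append(("trusted-zone", entry))
    # One DLL registered under several CLSIDs, as with hnebwxex.dll here.
    for dll, clsids in sorted(clsids_by_dll.items()):
        if len(clsids) > 1:
            findings.append(("bho-dll-multiple-clsids", dll))
    return findings


if __name__ == "__main__":
    for rule, item in triage(unwrap_entries(SAMPLE_WRAPPED)):
        print(f"{rule:26} {item}")
```

The Spybot BHO is also listed as "(no name)" but is not flagged, because its DLL lives under Program Files rather than directly in system32.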
roxygrly1431
6 Nov 2006, 10:21pm
Alright.. I did everything.
Took me a while, and I hope I did it correctly, because while I was in safe mode, the picture on my screen was HUGE, and some of the words, and tabs were cut off.
I tried to change the configuration, but it wouldn't allow me to do so in the control panel.
I set up everything I could before the scan on regular mode, and then ran it on safe mode.
Hope this worked!! :)
OH and just an observation, but in the last line of the HJT log I noticed this:
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
I remember, before I started cleaning out my computer, that I had something called the VS toolbar. Don't know if this is related, but I figured I'd mention it.
New HJT log
--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:59:20 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:52:20 PM 11/6/2006
+ Scan result:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute.1 -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\Cache\DAF1E752d01 -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ugkpedkk.dll -> Adware.Hotbot : Cleaned with backup (quarantined).
HKU\S-1-5-21-1455064615-3222859765-3250906788-1007\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\0\9\0\0\3 -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1911\A7980512.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1911\A7980513.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1911\A7980514.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\egpmahlt.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\jxvxfwik.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\vlnkbgrm.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\komapgyc.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\Error Doctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\Error Doctor\ignore.lst -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Downloads\PrisonTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\WormsArmageddon-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1911\A7980511.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vtutr.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-1455064615-3222859765-3250906788-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\Cache\069CD5C0d01 -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.12:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.14:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.15:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.16:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.17:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.56:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.133:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.90:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.91:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.122:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.94:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.100:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.101:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.102:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.10:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.11:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.7:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.8:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.99:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.9:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.82:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.83:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.86:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.88:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.89:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.35:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.36:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.69:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.80:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.81:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\Erin\Application Data\Mozilla\Firefox\Profiles\hyppdtkj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Thanks a million!!!!
Shannon
Hi
OH and just an observation, but the last line of the HJT log I noticed this:
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
I remember, before I started cleaning out my computer, that I had something called the VS toolbar. Don't know if this is related, but I figured I'd mention it.
That entry belongs to Zone Alarm, your Firewall. It's safe! We removed VS Toolbar previously. :)
Let's continue:
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {BB62073C-E9B8-4583-87AA-E841ACE1DACb} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O2 - BHO: (no name) - {F745E180-8911-4EC3-AA48-5440E646B8Af} - C:\WINDOWS\system32\hnebwxex.dll
O20 - Winlogon Notify: ithmjfyj - ithmjfyj.dll (file missing)
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rvohewbh - rvohewbh.dll (file missing)
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
Please run another Panda scan and save a log. Post that log, along with a new HijackThis log back here. :)
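Added example, not part of the original posts and not HijackThis's own logic: a small parser for the HijackThis line format with three illustrative rules, chosen as assumptions because they reproduce the entries selected above from this log. The rule wording and the names `triage`, `classify`, `parse_bho` and `Finding` are hypothetical; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6355FE44-F11F-43DF-87F3-F24B754F9073} - C:\WINDOWS\system32\hnebwxex.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\dtckfgvb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljge - mljge.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
"""

# "<section code> - <body>"; process-list lines and headers do not match.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Anchor on the CLSID: the DLL path itself may contain " - " (see Spybot).
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>.+?) =\s*(?P<data>.*)$")
MISSING = " (file missing)"
SYSTEM32 = r"c:\windows\system32"


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O2"
    reason: str  # which illustrative rule matched
    target: str  # registry key, DLL path or Notify key name


def parse_bho(body: str) -> Optional[Tuple[str, str, str]]:
    """Split an O2 body into (name, clsid, path), or None if malformed."""
    m = BHO_RE.match(body)
    return (m["name"], m["clsid"], m["path"]) if m else None


def classify(code: str, body: str) -> Optional[Finding]:
    """Apply the three assumed rules to one parsed log line."""
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    if code == "R0":
        m = REG_RE.match(body)
        if (m and m["value"] == "Local Page" and not m["data"]
                and m["key"].lower().endswith(r"\internet explorer\main")):
            return Finding(code, "empty IE Local Page value", m["key"])
    elif code == "O2":
        bho = parse_bho(body)
        # ntpath handles Windows paths on any host OS.
        if (bho and bho[0] == "(no name)"
                and ntpath.dirname(bho[2]).lower() == SYSTEM32):
            return Finding(code, "unnamed BHO loaded from system32", bho[2])
    elif code == "O20":
        m = NOTIFY_RE.match(body)
        if m and missing:
            return Finding(code, "Winlogon Notify DLL missing on disk",
                           m["name"])
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        finding = classify(m["code"], m["body"])
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<38}{f.target}")
```

A match only marks an entry for manual review; the Spybot BHO and the igfxcui Notify entry show that the same sections also hold legitimate items.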
roxygrly1431
9 Nov 2006, 3:11am
Sorry about that
The letters V & S caught my eye, and I thought I knew what I was talking about. :)
Here's the Panda scan, followed by the new HJT log.
--------------------------------------------------------------------
Incident Status Location
Adware:adware/ncase Not disinfected c:\temp\salmau.dat
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\1y5cwmf8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@advertising[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@dist.belnk[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@realmedia[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@trafficmp[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@www.myaffiliateprogram[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Shannon\Cookies\shannon@z1.adserver[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\hp2hxdq1.default\cookies.txt[.winantivirus.com/]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Tim\Local Settings\Temp\ZangoToolbarInstaller.exe[ZangoInstaller.exe]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\Hijackthis\backups\backup-20061107-190842-289.dll
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Possible Virus. Not disinfected C:\VundoFix Backups\awvvs.dll.bad
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\ujatchcq.exe
HJT
--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:11:20 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Please do the following...
Let's view hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Next, find and delete the following...
C:\Documents and Settings\Tim\Local Settings\Temp\ZangoToolbarInstaller.exe << this file
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll << this file
C:\WINDOWS\SYSTEM32\ujatchcq.exe << this file
C:\WINDOWS\blocklist.reg << this file
c:\temp\salmau.dat << this file
You can also safely delete all the files in the C:\temp folder.
Reboot your computer, and let me know how things are. :)