[inactive] stupid virus, no sound on my computer

Hi, I recently got sent a link off one of my friends on MSN Live and since I clicked it my computer has gone haywire :(

Every time I start up my computer a website pops up and I can't listen to any music. I tried going into safe mode and running Spybot, AdAware and AVG but every time I restart the problem is still there.

I deleted something on add/remove - (something)888 and I've tried modifying some registry keys but it's getting to the point where I really don't know what else to try, as even my system restore won't work.

I had a look on a previous thread but the things I tried on there didn't seem to work. If anyone can try and help me I would be most appreciative.

Logfile of HijackThis v1.99.1
Scan saved at 18:15:55, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1160684869\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HANNAH~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160684869\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Comments

  • edited December 2006
    It is very possible that it just turned off your speakers. Did you check your volume controls to make sure that the speakers are not on mute?
    One of my friends gave me a file one time that switched my mouse buttons; he thought it was hilarious. All I had to do was switch them back though.
  • edited December 2006
    No, the speakers are definitely on.

    A critical error pops up when I start my computer saying 'cannot access volume control'.

    It's definitely virus related.
  • edited December 2006
    Then I suppose we are both stuck waiting on a mod to come online.
  • jmoney3457 Maine
    edited December 2006
    Hi Hannah, please do the following. You may wish to print or save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, then please post back the AVG log and a new HJT log.
  • edited December 2006
    Hi :) Thanks for that, I think I might have cracked it!

    When I turn on my computer now, no IE window pops up, BUT my sound is still off...

    When my laptop starts up a critical error window pops up and tells me 'cannot access volume control' or something to that effect.

    If you could help me in this respect I would be one happy bunny.

    THANK YOU SO MUCH! :):):)
  • jmoney3457 Maine
    edited December 2006
    Please post the AVG log :)
  • edited December 2006

    AVG Anti-Spyware - Scan Report

    + Created at: 11:49:13 03/12/2006

    + Scan result:



    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0000027.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0001028.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP7\A0003544.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{C4ECF849-0574-1033-0923-05050817002c}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003246.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003248.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003250.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003252.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003254.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003256.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003258.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003260.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003262.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003264.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003266.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003268.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003270.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003272.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003274.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003276.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003278.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003280.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003282.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0000013.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0000030.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vset.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vsset.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
  • jmoney3457 Maine
    edited December 2006
    Thank you for the log. Most of what it found is in the System Restore folder, but that's not a threat as long as you don't do a system restore (don't do 1 unless I instruct you to), and it can be cleaned out at the end. The other 2 were trojans but were deleted. Please do the following next:
    Download ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    If you use Firefox browser, do this also:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser, do this also:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    Then, please perform an online virus scan with F-Secure Online Scanner.

    Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml
    • Click the F-Secure Online Scanner Next Generation Beta link.
    • When prompted, choose to install the software.
    • After the software has installed, click Accept.
    • Click Custom Scan and check the option for Scan inside archives, then click Start.
    • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
    • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
    • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
    • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.
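An added example, not part of the original posts: a small Python triage of an AVG Anti-Spyware report that separates detections inside System Restore snapshots from detections on the live file system, the distinction drawn in the reply above. The function names are illustrative, and the sample lines are copied from the report posted earlier in this thread.

```python
import re
from collections import defaultdict

# Six lines copied from the AVG Anti-Spyware report posted in this thread.
SAMPLE_REPORT = r"""
+ Scan result:

C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0000027.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{C4ECF849-0574-1033-0923-05050817002c}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP2\A0003246.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP1\A0000013.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vset.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vsset.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
"""

# "<path> -> <detection name> : <action taken>"
LINE_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+->\s+(?P<name>\S+)\s+:\s+(?P<action>.+?)\s*$"
)
# Windows XP keeps restore-point snapshots under
# <drive>\System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "+ Scan result:" or "::Report end"
        rp = RESTORE_RE.search(m["path"])
        detections.append({
            "path": m["path"],
            "name": m["name"],
            "action": m["action"],
            "restore_point": rp["rp"] if rp else None,
        })
    return detections


def triage(detections):
    """Split detections into live files and restore-point copies.

    Restore-point copies are inert snapshots that only come back if a
    system restore is performed; live files were present on the running
    system. Anything the scanner did not quarantine is listed separately.
    """
    live, archived, unresolved = [], defaultdict(list), []
    for d in detections:
        if "quarantined" not in d["action"].lower():
            unresolved.append(d)
        if d["restore_point"]:
            archived[d["restore_point"]].append(d)
        else:
            live.append(d)
    return {"live": live, "restore_points": dict(archived), "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Live file system:")
    for d in result["live"]:
        print(f"  {d['name']:<18} {d['path']}")
    print("System Restore snapshots:")
    for rp, items in sorted(result["restore_points"].items()):
        names = sorted({d["name"] for d in items})
        print(f"  {rp}: {len(items)} file(s) [{', '.join(names)}]")
    print(f"Not quarantined: {len(result['unresolved'])}")
```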
  • edited December 2006
    Computer name: HANNAH
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\



    Result: 11 malware found
    IM-Worm.Win32.Licat.h (virus)
    C:\Documents and Settings\Hannah McLachlan\cset.exe (Renamed & Submitted)
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    System
    System
    Trojan-Spy.Win32.Ardamax.c (virus)
    C:\Documents and Settings\Hannah McLachlan\vsset.exe (Renamed & Submitted)
    W32/Malware (virus)
    C:\Documents and Settings\Hannah McLachlan\winstall.exe (Submitted)


    Statistics
    Scanned:
    Files: 101043
    System: 3906
    Not scanned: 29
    Actions:
    Disinfected: 1
    Renamed: 2
    Deleted: 0
    None: 8
    Submitted: 3
    Files not scanned:
    C:\HIBERFIL.SYS
    C:\PAGEFILE.SYS
    C:\WINDOWS\SYSTEM32\BIOS1.ROM
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPV600AL.DLL
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPVDJ200.HLP
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPVDJ610.BUD
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPVDJ69X.GPD
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPVDJ6XX.GPD
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPVNAM50.GPD
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\STDNAMES.GPD
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    C:\TOOLSCD\DLA\DLA.msi\stream 9\FILE0024.D0FFFB8D_996E_43B1_8C32_FF42F494CE70
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
    C:\I386\BIOS1.RO_
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\HANNAH MCLACHLAN\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\HANNAH MCLACHLAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY.ITL
    C:\DOCUMENTS AND SETTINGS\HANNAH MCLACHLAN\LOCAL SETTINGS\TEMP\~DFE0B8.TMP
    C:\DOCUMENTS AND SETTINGS\HANNAH MCLACHLAN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg


    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:05, on 03/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1160684869\ee\AOLSoftware.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Hannah McLachlan\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160684869\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
  • jmoney3457 Maine
    edited December 2006
    Please run the BitDefender online scan from here; http://www.bitdefender.com/scan8/ie.html
    You will need to allow an ActiveX install for the scan to run.
    Leave the scanning options at default and press "click here to scan"
    When finished scanning, click on "click here to export the scan report"
    Save it to your desktop, at "file name" type in "bdscan" then click save.
    Please zip the bdscan.html file then attach the bdscan.html file to your next post along with a new HijackThis log (your previous log got cut off some, so please make sure you get ALL of it in your next post).
  • jmoney3457 Maine
    edited December 2006
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

    Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance then please start a new topic in the Spyware & Virus Removal Forum.

    If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
    If you are not the user who started this thread, you must start a new Thread instead :)
This discussion has been closed.