Can't get rid of Downloader.Agent.bkw
OneHit
Florida
I ran an AVG scan & found a virus/trojan called Downloader.Agent.bkw. It was found in my C:\System Volume Information\_restore{ etc. I have had a problem trying to restore the system to an earlier date.
My Norton 2007 is junk because it never finds anything that AVG or Spybot etc. finds. Here is a HJT log. Please help if you can. Ty in advance. I almost forgot: I am running XP Pro SP2.
Logfile of HijackThis v1.99.1
Scan saved at 9:42:34 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Onehit\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://universal.atl.macneillgroup.com//systemInfo/ScriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120339741484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab53083.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
This discussion has been closed.
Comments
I'll check your log!
Open Hjt and click Do system scan only.
Check these lines and click Fix checked.
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
Please do the following...
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
Launch AVG Anti-Spyware
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Logfile of HijackThis v1.99.1
Scan saved at 3:04:30 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Onehit\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://universal.atl.macneillgroup.com//systemInfo/ScriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120339741484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab53083.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I think that your comp is clean.
You can clear out the Quarantine.
Thank You Onehit
http://www.filepedia.com/network_software/firewalls/