Can't remove Viewpoint
I can't remove Viewpoint; it always comes back, and I'm having trouble removing the Zango toolbar. Can someone please help? I'm also having problems with System Restore: I open it and a white screen appears. I can't look at my users. It's like I have a virus that limits what I do.
Comments
I'm also having problems with Adobe Flash Player. I can't download the new version, and I really spend my time watching videos on the internet, but now I can't.
To diagnose your problem, we first need you to run the steps as described in this short guide:
http://icrontic.com/forum/showthread.php?t=43902
Please post back with your HijackThis log (and all other requested info/logs) in your new reply.
Now please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:29 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\program files\common files\aol\1198713016\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1198713016\EE\aolsoftware.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - (no file)
O2 - BHO: (no name) - {9404DD1E-B693-4882-94A7-52E66A035F1D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {dc0509e8-bfda-d80a-a504-ace3202badfb} - {bfdab202-3eca-405a-a08d-adfb8e9050cd} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: awttuvw - awttuvw.dll (file missing)
O20 - Winlogon Notify: enkicffo - enkicffo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7624 bytes
Try the other option, and see if that fixes the issue.
Since VundoFix can't work, let's try this.
Download Combofix.exe to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Combofix will automatically save the log file to C:\combofix.txt. Post that log here, along with a new one from HijackThis.
ComboFix 08-02.05.3 - Administrator 2008-02-07 18:57:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.193 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NO1BHSIE\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\eefhk.ini
C:\WINDOWS\system32\eefhk.ini2
C:\WINDOWS\system32\enkicffo.dllbox
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.
2008-02-07 18:55 . 2004-08-03 14:56 388,608 --a------ C:\kmd.exe
2008-02-06 14:34 . 2008-02-06 14:34 <DIR> d-------- C:\VundoFix Backups
2008-02-05 15:58 . 2008-02-05 16:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-02-05 15:57 . 2008-02-05 16:52 <DIR> d-------- C:\Program Files\COMODO
2008-02-05 15:49 . 2008-02-05 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-05 13:48 . 2008-02-05 13:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-05 13:43 . 2008-02-05 13:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 14:54 . 2008-02-04 14:54 <DIR> d-------- C:\Program Files\Java
2008-02-04 14:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 14:52 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-03 13:14 . 2008-02-03 13:14 <DIR> d-------- C:\Program Files\IObit
2008-02-03 12:16 . 2008-02-07 14:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-03 12:10 . 2008-02-03 12:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-03 12:09 . 2008-02-03 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-03 11:35 . 2008-02-03 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-02 23:54 . 2008-02-02 23:54 <DIR> d-------- C:\Program Files\AskPBar
2008-02-02 23:53 . 2008-02-07 18:54 <DIR> d-------- C:\Program Files\Trillian
2008-02-02 23:12 . 2008-02-02 23:12 <DIR> d-------- C:\Program Files\AML Products
2008-02-02 23:12 . 2002-01-05 06:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-02-02 23:12 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-02 23:12 . 2002-01-05 05:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-02-02 23:12 . 2002-01-05 11:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-02-02 23:12 . 1998-12-24 20:23 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
2008-02-02 22:40 . 2008-02-02 22:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-02-02 22:26 . 2008-02-02 23:58 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 21:42 . 2008-02-01 21:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-01 21:42 . 2003-03-18 13:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-01 20:56 . 2008-02-01 20:56 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-01 19:34 . 2008-02-01 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-31 22:12 . 2008-02-02 23:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2008-01-31 17:03 . 2008-02-01 14:13 414 --ahs---- C:\WINDOWS\system32\srkryyfx.ini
2008-01-30 23:24 . 2008-01-30 23:24 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Viewpoint
2008-01-30 23:18 . 2008-01-31 17:07 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-30 18:11 . 2008-02-02 23:58 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-29 09:32 . 2008-02-01 14:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-29 09:05 . 2008-01-29 09:05 <DIR> d-------- C:\Deckard
2008-01-29 09:02 . 2008-01-29 09:02 <DIR> d-------- C:\ie-spyad_zo
2008-01-28 23:36 . 2008-01-30 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 23:31 . 2008-02-01 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 23:19 . 2008-01-30 22:55 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\.purple
2008-01-28 23:17 . 2008-01-28 23:17 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-01-28 02:43 . 2008-01-28 02:43 <DIR> d-------- C:\Program Files\Tencent
2008-01-28 02:42 . 2008-01-28 02:42 21 --a------ C:\WINDOWS\atid.ini
2008-01-28 02:02 . 2008-01-28 02:02 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\PCToolsFirewallPlus
2008-01-28 01:47 . 2008-01-28 02:28 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-28 01:45 . 2008-01-28 02:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 00:50 . 2008-01-28 00:57 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Business Logic
2008-01-27 00:06 . 2008-01-27 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-26 23:48 . 2008-01-26 23:48 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Yahoo!
2008-01-26 23:47 . 2008-01-27 13:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-26 23:47 . 2008-01-27 00:03 <DIR> d-------- C:\Program Files\DivX
2008-01-25 20:17 . 2001-08-17 22:36 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-01-25 20:17 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-01-25 20:17 . 2001-08-17 22:36 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-01-25 20:17 . 2001-08-17 22:36 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-01-25 20:17 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-25 20:17 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-24 00:19 . 2008-01-24 00:19 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-19 11:44 . 2008-01-19 11:44 78,942 --a------ C:\WINDOWS\Icon_3.ico
2008-01-18 11:39 . 2003-01-10 13:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-01-15 18:57 . 2008-01-16 15:02 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-01-14 16:35 . 2008-01-14 16:35 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Talkback
2008-01-13 19:13 . 2008-01-13 19:13 <DIR> d-------- C:\WINDOWS\Sun
2008-01-13 09:06 . 2008-01-13 09:06 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\CyberLink
2008-01-13 08:49 . 2008-01-27 22:51 <DIR> d-------- C:\Program Files\LimeWire
2008-01-12 22:13 . 2008-01-12 22:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-12 22:09 . 2008-01-12 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-12 22:09 . 2008-01-12 22:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-12 20:51 . 2008-01-12 20:54 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\ViStart
2008-01-12 20:47 . 2008-01-12 20:47 <DIR> d-------- C:\Program Files\WinFlip
2008-01-12 20:47 . 2008-01-12 20:47 <DIR> d-------- C:\Program Files\TrueTransparency
2008-01-12 20:47 . 2008-01-16 15:20 <DIR> d-------- C:\Program Files\Styler
2008-01-12 20:35 . 2008-01-12 20:35 78,942 --a------ C:\WINDOWS\Icon_2.ico
2008-01-12 19:39 . 2008-01-12 19:39 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Styler
2008-01-12 19:38 . 2008-01-12 19:38 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\MSNInstaller
2008-01-12 11:15 . 2008-01-12 11:15 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Apple Computer
2008-01-12 11:04 . 2008-01-12 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-12 11:03 . 2008-01-12 11:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-12 11:02 . 2008-01-13 19:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-12 11:00 . 2008-01-12 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-12 10:14 . 2008-01-12 10:14 <DIR> d-------- C:\Documents and Settings\mikey\LimeWire Store Purchased
2008-01-12 10:14 . 2008-01-12 10:14 <DIR> d-------- C:\Documents and Settings\mikey\LimeWire Shared
2008-01-12 10:14 . 2008-01-30 18:24 <DIR> d-------- C:\Documents and Settings\mikey\LimeWire Saved
2008-01-12 10:13 . 2008-01-30 18:48 <DIR> d-------- C:\Documents and Settings\mikey\Incomplete
2008-01-12 10:13 . 2008-01-30 18:26 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\LimeWire
2008-01-12 09:36 . 2008-01-12 09:36 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\Sereniti
2008-01-12 08:55 . 2008-01-12 08:55 <DIR> d-------- C:\Program Files\Google
2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\WeatherDPA
2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-01-09 15:48 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-09 15:48 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-09 15:48 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-09 15:48 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-08 14:21 . 2008-01-08 14:23 <DIR> d-------- C:\Documents and Settings\mikey\Application Data\AOL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 23:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-03 07:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple
2008-02-01 05:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 07:13 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-31 06:55 --------- d-----w C:\Documents and Settings\mikey\Application Data\.purple
2008-01-31 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-29 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-28 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-13 05:39 --------- d-----w C:\Program Files\HyCam2
2007-12-31 07:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Styler
2007-12-30 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 02:55 --------- d-----w C:\Program Files\AOL 9.0
2007-12-30 02:49 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-29 16:36 --------- d-----w C:\Program Files\AOL 9.1
2007-12-28 18:26 --------- d-----w C:\Program Files\AOL Deskbar
2007-12-27 05:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-27 02:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-27 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-27 00:33 --------- d-----w C:\Program Files\AOL Search
2007-12-27 00:15 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-26 23:56 --------- d-----w C:\Program Files\Common Files\aolback
2007-12-26 23:53 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-12-26 23:53 --------- d-----w C:\Program Files\Common Files\Real
2007-12-26 23:53 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-12-26 23:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-26 23:52 --------- d-----w C:\Program Files\Real
2007-12-26 23:51 --------- d-----w C:\Program Files\Pure Networks
2007-12-26 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-26 23:50 --------- d-----w C:\Program Files\Common Files\AolCoach
2007-12-25 23:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 23:33 155,995 ----a-w C:\WINDOWS\java\Packages\5N9JP3HB.ZIP
2007-12-25 23:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Snapfish
2007-12-10 00:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-08 20:46 --------- d-----w C:\Program Files\Nero
2007-12-08 20:46 --------- d-----w C:\Program Files\Ahead
2007-12-08 20:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Simple Star
2007-12-08 20:42 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-08 20:41 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-08 20:39 --------- d-----w C:\Program Files\CyberLink
2007-12-08 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-08 20:33 --------- d-----w C:\Program Files\ATI Technologies
2007-12-08 20:30 --------- d-----w C:\Program Files\CONEXANT
2007-12-08 19:43 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 11:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9404DD1E-B693-4882-94A7-52E66A035F1D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfdab202-3eca-405a-a08d-adfb8e9050cd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-12 08:55 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 14:56 15360]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.0\AOL.exe" [2007-04-17 22:49 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-11-08 03:00 4608 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:00 335872]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 04:50 71216]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 13:33 99480]
"HostManager"="C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe" [2007-05-25 09:16 42032]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-03 12:10 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-03 12:10 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttuvw]
awttuvw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\enkicffo]
enkicffo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 05:49]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 04:12]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 23:36:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 19:01:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Other Running Processes
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\WgaTray.exe
c:\program files\common files\aol\1198713016\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
.
**************************************************************************
.
Completion time: 2008-02-07 19:03:21 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-02-08 03:03:05
.
2008-01-20 17:02:36 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:42 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\program files\common files\aol\1198713016\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1198713016\EE\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {9404DD1E-B693-4882-94A7-52E66A035F1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {dc0509e8-bfda-d80a-a504-ace3202badfb} - {bfdab202-3eca-405a-a08d-adfb8e9050cd} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: awttuvw - awttuvw.dll (file missing)
O20 - Winlogon Notify: enkicffo - enkicffo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7198 bytes
Please run HijackThis and place a tick by the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {9404DD1E-B693-4882-94A7-52E66A035F1D} - (no file)
O2 - BHO: {dc0509e8-bfda-d80a-a504-ace3202badfb} - {bfdab202-3eca-405a-a08d-adfb8e9050cd} - (no file)
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: awttuvw - awttuvw.dll (file missing)
O20 - Winlogon Notify: enkicffo - enkicffo.dll (file missing)
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. Post a new log in your new reply.
Here is a good information article about ViewPoint:
http://ask-leo.com/is_viewpoint_spyware.html
Usually we consider ViewPoint as optional to remove. But if you would like to remove ViewPoint, just indicate and I will be happy to guide you through the removal steps.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:47 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1198713016\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1198713016\EE\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6326 bytes
Here are the results:
Incident                                        Status           Location
Spyware:Cookie/Atwola                           Not disinfected  C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
Spyware:Cookie/Com.com                          Not disinfected  C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
Spyware:Cookie/Searchportal                     Not disinfected  C:\Documents and Settings\Administrator\Cookies\administrator@searchportal.information[1].txt
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\WINDOWS\Nircmd.exe
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
- Viewpoint Experience Technology
The first three 'spyware' are mere cookies. Cookies, compared to conventional spyware, are actually quite harmless.
You can read more about cookies at:
http://www.microsoft.com/info/cookies.mspx
http://www.cookiecentral.com/faq/
As for the last "unwanted program" found, I have my doubts about it being truly a malware program.
Please go to Jotti's Online Scanner, and upload the following file for analysis:
C:\WINDOWS\Nircmd.exe
The scan may take a while, so be patient. After the scan completes, copy and paste the results here in your new reply, along with a new HijackThis log.
Scan taken on 09 Feb 2008 02:44:14 (GMT)
A-Squared             Found nothing
AntiVir               Found APPL/NirCmd.3
ArcaVir               Found nothing
Avast                 Found nothing
AVG Antivirus         Found nothing
BitDefender           Found nothing
ClamAV                Found nothing
CPsecure              Found nothing
Dr.Web                Found nothing
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found nothing
Fortinet              Found nothing
Ikarus                Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32                 Found nothing
Norman Virus Control  Found nothing
Panda Antivirus       Found Application/NirCmd.A
Rising Antivirus      Found nothing
Sophos Antivirus      Found nothing
VirusBuster           Found nothing
VBA32                 Found nothing
Here's a new HijackThis log also:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:45 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\aol\1198713016\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1198713016\EE\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198713016\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6410 bytes