arachnid40

Hjt Log Wifes System[RESOLVED]

Recommended Posts

I try to scan this system(wifes) with AVG Anti-spyware program. It freezes at the beginning of scan. Here is the log let me know if there is something. Thanks much!

Logfile of HijackThis v1.99.1

Scan saved at 8:18:00 PM, on 12/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post


Link to post
Share on other sites

Hello arachnid40, sorry for the delay in your response.

Let's run a scan.

STEP 1:

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP 2:

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new Hijackthis Log.

Share this post


Link to post
Share on other sites

No problem on responce time Steamhead, here is the panda report:

Incident Status Location

Adware:adware/sbsoft Not disinfected c:\windows\downloaded program files\webdlg32.inf

Adware:adware program Not disinfected c:\windows\ss3unstl.exe

Adware:adware/whenusearch Not disinfected c:\program files\common files\WhenU

Adware:adware/superbar Not disinfected Windows Registry

Potentially unwanted tool:application/iwon Not disinfected hkey_local_machine\software\iWon

Adware:adware/navhelper Not disinfected Windows Registry

Adware:adware/xplugin Not disinfected Windows Registry

Adware:adware/ist.istbar Not disinfected Windows Registry

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.com.com/]

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.did-it.com/]

Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.inet-traffic.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[stat.onestat.com/]

Possible Virus. Not disinfected C:\Downloads\KazaaBegone.exe

Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Kazaa Lite\TopSearch.dll

Here is new Hijackthis report:

Logfile of HijackThis v1.99.1

Scan saved at 5:02:56 PM, on 12/26/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post


Link to post
Share on other sites

Hello arachnid40 :)

Let's get started..

STEP 1:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\downloaded program files\webdlg32.inf

    c:\windows\ss3unstl.exe

    c:\program files\common files\WhenU

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt

    C:\Program Files\Kazaa Lite\TopSearch.dll

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

STEP 2:

Please go to Add/Remove Programs (Start -> Control Panel -> Add/Remove Programs)

and delete the following programs, if present:

Kazaa Lite

STEP 2:

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

Can you please run a new Panda scan and post it's log, the uninstall_list.txt, and a new HJT log. Thanks :)

Share this post


Link to post
Share on other sites

Ad-Aware SE Personal

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update

Adobe Acrobat 7.0.2 and Reader 7.0.2 Update

Adobe Reader 7.0

Alchemist Wizard

Aquabble Avalanche

Asianata

AstroPop Deluxe 1.0

ATI Display Driver

AVG Anti-Spyware 7.5

AVG Free Edition

Bejeweled 2 Deluxe 1.0

Best Gift

Big Kahuna Reef

Big Money Deluxe 1.0

Big Money Deluxe 1.3

Bonnie's Bookstore Deluxe 1.0

BookWorm Deluxe 1.0

Chicken Hunter

Chuzzle

Clue

Commando

Commandos, Beyond the Call of Duty

Cosmic Bugs

CR: Import Data

DirectX Media Runtime 5.1

Dynomite Deluxe 2.71

ebgcInfra

ebgcRes

ebgcSDK

EMS FreeSurfer mk II

Feeding Frenzy 2

Funkiball Adventure

Glow Worm

Google Toolbar for Internet Explorer

Hammer Heads 1.0

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HijackThis 1.99.1

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Iggle Pop! 1.0

J2SE Runtime Environment 5.0 Update 1

J2SE Runtime Environment 5.0 Update 2

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 9

Lexmark 4300 Series

LimeWire 4.12.6

Macromedia Flash Player 8

Macromedia Shockwave Player

Mah Jong Quest

Mahjong Holidays 2005

Mavis Beacon Teaches Typing 12 Standard

Media Library Management Wizard

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Bootvis

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Web Publishing Wizard 1.52

Mom

Mozilla Firefox (2.0.0.1)

MSN Messenger 7.0

MSN Music Assistant

Need for Speed Underground 2

Nero - Burning Rom

Nero Media Player

NeroVision Express 2

Noah's Ark Deluxe 1.1

NVIDIA Drivers

NVIDIA Windows 2000/XP Display Drivers

Paint Shop Pro 7

Panda ActiveScan

Personal License Update Wizard for Windows Media Player

RelevantKnowledge

Rocket Mania 1.0

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

Shape Solitaire

Slingo Deluxe

Spybot - Search & Destroy 1.4

SpywareBlaster v3.5.1

Super Blackjack

Super Collapse! 3

Talismania Deluxe 1.0

The Game Of Life

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Bonus Pack for Windows XP

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Media Player Skin Importer

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB887797

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Xmas Bonus

Y!TunnelPro V1.3 Build 272

Yahoo! extras

Yahoo! Internet Mail

Yahoo! Messenger

Incident Status Location

Adware:adware/sbsoft Not disinfected c:\windows\downloaded program files\webdlg32.inf

Adware:adware program Not disinfected c:\windows\ss3unstl.exe

Adware:adware/whenusearch Not disinfected c:\program files\common files\WhenU

Adware:adware/superbar Not disinfected Windows Registry

Potentially unwanted tool:application/iwon Not disinfected hkey_local_machine\software\iWon

Adware:adware/navhelper Not disinfected Windows Registry

Adware:adware/xplugin Not disinfected Windows Registry

Adware:adware/ist.istbar Not disinfected Windows Registry

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.com.com/]

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.did-it.com/]

Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.inet-traffic.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Linda Frovarp\Application Data\Mozilla\Firefox\Profiles\ajlpkp2o.default\cookies.txt[stat.onestat.com/]

Possible Virus. Not disinfected C:\Downloads\KazaaBegone.exe

Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Kazaa Lite\TopSearch.dll

Logfile of HijackThis v1.99.1

Scan saved at 5:50:37 PM, on 12/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post


Link to post
Share on other sites

I apologize for such a delay in my responses, these holidays have got me really busy this year. I will have your fix ready by tomorrow. so sorry :(

Share this post


Link to post
Share on other sites

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.

    [*]Click Sweep Now on the left side.

    [*]Click the Start button.

    [*]When it's done scanning, click the Next button.

    [*]Make sure everything has a check next to it, then click the Next button.

    [*]It will remove all of the items found.

    [*]Click Session Log in the upper right corner, copy everything in that window.

    [*]Click the Summary tab and click Finish.

    [*]Paste the contents of the session log you copied into your next reply.

Share this post


Link to post
Share on other sites

You may want to update your spysweeper instructions, I figured out how to get what needed checked but some may not.

Here is the scan of spysweeper:

9:44 AM: Removal process completed. Elapsed time 00:00:18

9:44 AM: Quarantining All Traces: portland.co cookie

9:44 AM: Quarantining All Traces: tripod cookie

9:44 AM: Quarantining All Traces: adbureau cookie

9:44 AM: Quarantining All Traces: adknowledge cookie

9:44 AM: Quarantining All Traces: yieldmanager cookie

9:44 AM: Quarantining All Traces: topsearch

9:43 AM: Quarantining All Traces: cws_xplugin

9:43 AM: Quarantining All Traces: navexcel navhelper

9:43 AM: Quarantining All Traces: ez-finder toolbar

9:43 AM: Quarantining All Traces: marketscore

9:43 AM: Quarantining All Traces: cws_ns3

9:43 AM: Removal process initiated

9:32 AM: Traces Found: 13

9:32 AM: Custom Sweep has completed. Elapsed time 00:28:15

9:32 AM: File Sweep Complete, Elapsed Time: 00:25:49

9:30 AM: Warning: Error resolving host file entry: Access violation at address 00401D9B in module 'SpySweeper.exe'. Read of address 00000000

9:29 AM: Warning: Failed to access drive D:

9:29 AM: C:\!KillBox\webdlg32.inf (ID = 363476)

9:29 AM: Found Adware: ez-finder toolbar

9:23 AM: C:\!KillBox\TopSearch.dll (ID = 329651)

9:23 AM: Found Adware: topsearch

9:06 AM: Starting File Sweep

9:06 AM: Warning: Failed to access drive A:

9:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][1].txt (ID = 3180)

9:06 AM: Found Spy Cookie: portland.co cookie

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][1].txt (ID = 3591)

9:06 AM: Found Spy Cookie: tripod cookie

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][1].txt (ID = 2060)

9:06 AM: Found Spy Cookie: adbureau cookie

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][2].txt (ID = 2072)

9:06 AM: Found Spy Cookie: adknowledge cookie

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][2].txt (ID = 3751)

9:06 AM: c:\documents and settings\linda frovarp\cookies\[email protected][1].txt (ID = 3751)

9:06 AM: Found Spy Cookie: yieldmanager cookie

9:06 AM: Starting Cookie Sweep

9:06 AM: Registry Sweep Complete, Elapsed Time:00:00:10

9:06 AM: HKU\S-1-5-21-2000478354-789336058-854245398-1004\software\microsoft\internet explorer\main\ || sethp (ID = 124467)

9:06 AM: Found Adware: cws_xplugin

9:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}\ (ID = 997447)

9:06 AM: Found Adware: marketscore

9:06 AM: HKLM\software\classes\appid\nhelper.dll\ (ID = 135525)

9:06 AM: HKCR\appid\nhelper.dll\ (ID = 135511)

9:06 AM: Found Adware: navexcel navhelper

9:06 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\webdlg32.dll (ID = 123378)

9:06 AM: Found Adware: cws_ns3

9:06 AM: Starting Registry Sweep

9:06 AM: Memory Sweep Complete, Elapsed Time: 00:02:06

9:04 AM: Starting Memory Sweep

9:04 AM: Start Custom Sweep

9:04 AM: Sweep initiated using definitions version 829

9:04 AM: Spy Sweeper 5.2.3.2138 started

9:04 AM: | Start of Session, Wednesday, January 03, 2007 |

********

9:04 AM: | End of Session, Wednesday, January 03, 2007 |

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

8:59 AM: Shield States

8:58 AM: Spyware Definitions: 816

8:58 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220

8:57 AM: Spy Sweeper 5.2.3.2138 started

8:57 AM: Spy Sweeper 5.2.3.2138 started

8:57 AM: | Start of Session, Wednesday, January 03, 2007 |

********

Share this post


Link to post
Share on other sites

I understand that you guys work on this on your spare time, and I do appreciate you and your talents and your time very much. I started this the 22 of Dec if Steamhead doesn't have the time to do this that is quite alright I promise no harm no bad feelings. If it is ok with whoever I would like to close this thread and start over? If not then thats ok too :-)

Share this post


Link to post
Share on other sites

Hi arachnid40,

I'm sorry about the delay, I wasn't aware this thread was still open or I would have informed you and got someone else to cover it. Steamhead is currently not online due to some personal things so if you could please post a new HJT log I will find someone to come finish helping you. Thanks for your anticipated understanding.

B

Share this post


Link to post
Share on other sites

No problem Jeff I am flexible :-)

Here is a new Hijackthis post:

Logfile of HijackThis v1.99.1

Scan saved at 2:30:00 PM, on 1/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\explorer.exe

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"

O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post


Link to post
Share on other sites

Hey arachnid40,

The log looks clean now. I would recommend removing the Yahoo and Google toolbars if you don't really use them, they tend to slow the system down and just be in the way. However if you like them by all means you can keep them. Also, are you still having issues scanning?

B

Share this post


Link to post
Share on other sites

The avg anti spyware is still locking up, it gets to 31 scanned objects, currently scanning: Memory/Processes, [420] VM_7FFE0000 then just stops there. I have tried to remove the program then re-install still stops in the same area. I am thinking of just taking it out and using other scanners for spyware.

Share this post


Link to post
Share on other sites

OOPS Double post

Edited by arachnid40

Share this post


Link to post
Share on other sites

Have you tried uninstalling/reinstalling AVG Antispyware? If not try that. Also does it give you a file path location or any type of location of where it locks up during the scan? Is it always the same file or does it vary? Either way try uninstalling/reinstalling.

B

Share this post


Link to post
Share on other sites
Have you tried uninstalling/reinstalling AVG Antispyware? If not try that. Also does it give you a file path location or any type of location of where it locks up during the scan? Is it always the same file or does it vary? Either way try uninstalling/reinstalling.

B

From earlier post:

The avg anti spyware is still locking up, it gets to 31 scanned objects, currently scanning: Memory/Processes, [420] VM_7FFE0000 then just stops there. I have tried to remove the program then re-install still stops in the same area. I am thinking of just taking it out and using other scanners for spyware.

Share this post


Link to post
Share on other sites

Ah, I missed that. So I guess you don't know the file path where it locks up? I've heard from other people that they were having issues with it as well. You could always try other software if all else fails.

B

Share this post


Link to post
Share on other sites

As long as there is no spyware and the like I just took out the avg and will run others for now. Thanks for the help Jeff. You can close this if you want.

Michael

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.