Post by: Zaigar on November 28, 2006, 12:24:19 PM
Post by: guestolo on November 29, 2006, 10:39:07 PM
Download Hijackthis from my signature below
SAVE it to your desktop
Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop
Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop
Double click to run Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here
Post by: Zaigar on November 29, 2006, 10:55:18 PM
Not really sure what's going on with the computer.
Logfile of HijackThis v1.99.1
Scan saved at 7:52:44 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=efc0605 (http://\"http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s (http://\"http://www.accoona.com/search?q=%s\")
R3 - Default URLSearchHook is missing
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MsnVirRem.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
Post by: guestolo on November 30, 2006, 11:34:59 PM
Reboot your computer and post a fresh hijackthis log
Also, looks as if you ran MsnVirRem.exe
Can you post the log it produced please
Located here>>C:\msnvirrem.log
Post by: Zaigar on December 01, 2006, 12:15:15 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:13:57 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Shareaza\Shareaza.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=efc0605 (http://\"http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s (http://\"http://www.accoona.com/search?q=%s\")
R3 - Default URLSearchHook is missing
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
MsnVirRem Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Zaigar's Realm\Desktop
11/29/2006
7:41:41 PM
---Infection Files Found---
C:\WINDOWS\system32\ndqnnzc\csrss.exe
C:\WINDOWS\system32\ndqnnzc\csrss.ini
C:\Documents and Settings\Zaigar's Realm\Start Menu\Programs\Startup\csrss.lnk
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\netstat.com
Rebooting...
Fixing Registry Permissions...
Editing Registry...
Fixing Host File...
**Fix Complete!**
Post by: guestolo on December 01, 2006, 12:20:18 AM
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: Zaigar on December 01, 2006, 12:30:52 AM
‚±‚Ì‹ó‚É–ñ‘©‚ðÂ\ SPECIAL‘ÌŒ±â€Ã…
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
AffinityRO Patcher
AIM Pro
AlienHead
AnyDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audiator3
AVG Free Edition
Battle Position
BitComet 0.60
BitComet Toolbar
BrainBread v1.2
Brave Soul
Ceres-RO
CloneCD
CloneDVD2
Command & Conquer Generals
Command & Conquer Tiberian Sun
Creative DVD Audio Plugin for Audigy Series
Cronous ScreenSaver
DAEMON Tools
Decal Converter
DivX
DivX Player
Easy Language 4.0
ENFUNS Updater
eZROMs
Æ’GƒŒƒƒ“ƒ^ƒ‹ Æ’WÆ’FÆ’Å’Æ’CÆ’h ?????????
Final Fantasy XI Theme Installer
Form Fill (Windows Live Toolbar)
Futuristic MSN Skin
Google Earth
GTH(en)
GUILTY GEAR X2 #RELOAD
Half-Life: Counter-Strike
Hangame
HijackThis 1.99.1
Hopper (Messenger Plus! plug-in)
ICQ 5.1
ijji
Image Resizer Powertoy for Windows XP
InterActual Player
InterVideo WinDVD 7
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Japanese Language Support
jetAudio Basic
KSignAccessToolkit v1.0
LimeWire 4.10.9
Little Fighter 2 1.9c
Little Fighter 2 Toolbar
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
MAIET entertainment - Gunz
Media Library Management Wizard
Melty Blood Re-ACT Final Tuned
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Microsoft Phishing Filter Add-in
mIRC
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0)
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
myst4-screen
Natural Selection 3.1
NavyFIELD NorthAmerica
Nero 6 Ultra Edition
Nero Mega Plugin Pack
nProtect KeyCrypt
NSIS Quest (remove only)
Odyssey Online Classic 3.0.4
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
Ragnarok Online
Ragnarok Sakray
Rakion International
Realtek AC'97 Audio
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Sapphire TRIXX
Server Installation Package
Shareaza version 2.2.1.0
Softnyx Launcher
SpaceCowboy
Stardock Central
Steam(tm)
Storm Codec
StuffPlug-NG (Messenger Plus! Plugins)
Survival Project
Tabbed Browsing (Windows Live Toolbar)
The Odyssey Online Classic 5.8
UniChrome IGP Driver and Utilities
Ventrilo Client
Ventrilo Server
VIA Platform Device Manager
Wave11 Glass
Westwood Shared Internet Components
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar MSN Extension (Windows Live Toolbar)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
WinRAR archiver
Yahoo! Toolbar
Post by: guestolo on December 03, 2006, 11:22:18 AM
Malware can exploit the holes in older versions
Can you do the following
==Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 (http://\"http://java.sun.com/javase/downloads/index.jsp\")
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation Multi-language
Don't install it yet
Open your Windows control panel>>Start>>control Panel
Ensure you are in Classic view
Double click to open the Java Icon>>Under the General tab click "Delete Files"
Leave all 3 selections checked and click "OK"
Exit Java
Access your Add/remove programs via Control Panel
Remove the following
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=efc0605 (http://\"http://www.accoona.com/search_assistant/ac...ampaign=efc0605\")
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s (http://\"http://www.accoona.com/search?q=%s\")
R3 - Default URLSearchHook is missing
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
You can tick the next ones too, related to your filesharing programs, they don't need to be running on startup
This is up to you
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
Double click on the Java installer you saved earlier
follow the prompts
After installation you can delete the installer from your desktop
Post back one last hijackthis log
Do you know what this entry in your log is related too?
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
Post by: Zaigar on December 04, 2006, 04:34:50 AM
Scan saved at 1:33:02 AM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
[quote name=\'guestolo\' post=\'250904\' date=\'Dec 3 2006, 08:22 AM\']Do you know what this entry in your log is related too?
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack[/quote]
I think it's the .mkv file codec I was trying to download. I don't think anything happened when I downloaded it. So perhaps you can suggest what I should do with it.
Post by: guestolo on December 04, 2006, 10:01:38 AM
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Don't open any browser windows yet, instead
* Go to start > run and type:
cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.
Come back here and post one last hijackthis log and let me know how things are running please
Post by: Zaigar on December 04, 2006, 04:31:41 PM
Scan saved at 1:29:29 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
I have done all stated in the above, and everything seems to be running fine. Thank you very much. If anything else is needed to be done. Please let me know.
/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />
Post by: guestolo on December 04, 2006, 08:21:43 PM
Can you ensure you do this correctly
Do a "System scan only" with Hijackthis and put a check next to this entry:
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Post a fresh hijackthis log to ensure that entry is gone
Post by: Zaigar on December 04, 2006, 10:38:41 PM
Scan saved at 7:36:26 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
The entry is still there, I don't know why. But I am certain that I double checked, that I followed the intructions completely.
Post by: guestolo on December 04, 2006, 11:19:31 PM
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix
Post by: Zaigar on December 05, 2006, 03:53:15 AM
Zaigar's Realm - 06-12-05 0:40:50.46 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Zaigar's Realm\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))
2006-12-04 01:39 <DIR> d-------- C:\Program Files\GRETECH
2006-12-04 01:30 <DIR> d-------- C:\Program Files\Java
2006-12-04 01:30 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-02 19:26 <DIR> d-------- C:\Program Files\RAGNAROK BATTLE OFFLINE
2006-11-29 19:51 <DIR> d-------- C:\Program Files\HijackThis
2006-11-25 17:44 <DIR> d-------- C:\ijji
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-05 00:35 -------- d-------- C:\Program Files\The Odyssey Online Classic
2006-12-04 22:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-04 13:34 -------- d-------- C:\Program Files\Gravity
2006-12-04 12:58 65536 --a------ C:\WINDOWS\IFinst27.exe
2006-12-04 01:30 -------- d-------- C:\Program Files\Common Files
2006-12-04 01:15 -------- d-------- C:\Program Files\Accoona
2006-11-25 18:49 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-11-25 18:44 -------- d-------- C:\Program Files\MSN Messenger
2006-10-14 23:30 -------- d-------- C:\Program Files\mIRC
2006-10-06 18:47 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-05 06:48 -------- d-------- C:\Program Files\GALA-NET
2006-10-05 06:48 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-10 12:48 2368 --a------ C:\WINDOWS\system32\STEC3.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"d:\\program files\\sierra\\steam\\steam.exe\" -silent"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"SoundMan"="SOUNDMAN.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Combined Community Codec Pack"="\"C:\\Documents and Settings\\Zaigar's Realm\\Local Settings\\Temp\\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\\Combined-Community-Codec-Pack-2006-01-18.exe\" /INSTTYPE=ALL /SMDIR=\"Combined Community Codec Pack\" /D=C:\\Program Files\\Combined Community Codec Pack"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,40,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,00,00,00,00,00,00,00,6e,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,92,00,00,00,00,00,00,00,6e,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 06-12-05 0:42:10.71
C:\ComboFix.txt ... 06-12-05 00:42
Post by: guestolo on December 05, 2006, 11:41:46 PM
C:\Program Files\Accoona <-folder
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box
Code: [Select]
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] Download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
Print the rest of these instructions, or save them too a text file on desktop for reference
Close down all Browser windows>>This one included
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Double click on fix.reg and allow to add/merge to the registry at the prompt
Reboot the computer
Post back a fresh hijackthis log afterwards
Post by: Zaigar on December 06, 2006, 05:40:16 AM
Post by: guestolo on December 06, 2006, 09:33:10 AM
Download remove.zip and save too desktop
[attachment=2005:remove.zip]
Right click on it and Extract the contents too desktop so you now have remove.reg unzipped
Double click on remove.reg and allow to merge to the registry
Reboot and post a fresh hijackthis log
Post by: Zaigar on December 06, 2006, 05:34:02 PM
Post by: guestolo on December 06, 2006, 11:45:23 PM
Do the following please
Use INTERNET EXPLORER
Run an online virus scan at Kaspersky's
Link is in my signature below
Accept the prompt at the Welcome screen
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
***Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
***Scan Options:
Scan Archives
Scan Mail Bases
- Click OK
- Now under select a target to scan:
Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
***Now click on the Save as Text button:
- Save the file to your desktop.
Post by: Zaigar on December 07, 2006, 03:51:54 AM
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 07, 2006 12:50:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/12/2006
Kaspersky Anti-Virus database records: 248675
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 123087
Number of viruses found: 16
Number of infected objects: 28 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:06:27
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\AIMPro\log\aimpro.exe_PL_Trace.txt Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\AIMPro\log\apExtCmp.log Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cert8.db Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\formhistory.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\history.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\key3.db Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\parent.lock Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\search.sqlite Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\Working\database_F090_4279_9042_45F6\dfsr.db Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\Working\database_F090_4279_9042_45F6\fsr.log Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\Working\database_F090_4279_9042_45F6\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Messenger\Megaman_x_255Email Removed\SharingMetadata\Working\database_F090_4279_9042_45F6\tmp.edb Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Windows Live Contacts\megaman_x_255Email Removed\real\members.stg Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Microsoft\Windows Live Contacts\megaman_x_255Email Removed\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\AntiPhishing\FDE76B9D-4657-4B28-AE87-04EFD23D4EB6.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\Perflib_Perfdata_1b0.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\Perflib_Perfdata_c18.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\Perflib_Perfdata_c20.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\trace.txt Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\tricon-Email Removedtxt Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\~DFDCEC.tmp Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\~DFE25B.tmp Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\~DFF276.tmp Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\~DFF6F8.tmp Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar RAR: infected - 2 skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Zaigar's Realm\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zaigar's Realm\ntuser.dat.LOG Object is locked skipped
C:\mIRCStormV2.0.0\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\mIRCStormV2.0.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\AlienHead7.0\AlienHead 7.0.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\AlienHead7.0\Files\protection.mrc Infected: Backdoor.IRC.Logare skipped
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll Infected: not-a-virus:AdWare.Win32.Agent.b skipped
C:\Program Files\MediaGateway\Updater.exe Infected: not-a-virus:AdTool.Win32.WinAD.bv skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284 Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2 Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2 Infected: not-a-virus:AdWare.Win32.180Solutions.s skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689 Infected: not-a-virus:AdTool.Win32.WhenU.b skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5 Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD Infected: not-a-virus:AdTool.Win32.WhenU.d skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\MediaGateway.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped
C:\WINDOWS\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{11C45C40-3C12-4D1A-98A2-B70CBB88A28A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Program Files\Sierra\Steam\Steam.log Object is locked skipped
D:\Program Files\Sierra\Steam\SteamApps\winui.gcf Object is locked skipped
D:\Program Files\Sierra\Steam\SteamLogs\SteamStats.log Object is locked skipped
D:\RO2\Gravity\RO\WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
D:\RO2\Gravity\RO\WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Post by: guestolo on December 07, 2006, 03:33:30 PM
Download>>Install [color=\"#000099\"]AVG Anti-Spyware 7.5[/color] (http://\"http://www.ewido.net/en/download/\") from Ewido networks
- Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
Print the rest of these instructions or save them to a text file on desktop
Reboot your computer in SAFE MODE, sign in with your normal user account
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Load AVG-Antispyware
- Click the "Settings" tab, Under "How to Act", click on "recommended action" and change to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Delete fix.reg and redownload it from above and try merging it again, do you still get the error message?
Make sure you unzip it first
Come back here and post the report from AVG antispyware
Can you also do the following
Open your version of AVG AnitVirus software
Click on Information>>About AVG Free
Let me know Program Version No. please
Post by: Zaigar on December 07, 2006, 10:19:50 PM
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:02:10 PM 12/7/2006
+ Scan result:
C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2 -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll -> Adware.Agent : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8 -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689 -> Adware.SaveNow : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5 -> Adware.SaveNow : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe -> Adware.Trymedia : No action taken.
C:\Program Files\MediaGateway\Updater.exe -> Adware.WinAD : No action taken.
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
D:\RO2\Gravity\RO\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
D:\RO2\Gravity\RO\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
::Report end
Oh and the version that I'm using for AntiVirus is 7.1.394. I can't seem to install any updates for AVG Anti Virus.
Post by: guestolo on December 07, 2006, 10:36:38 PM
You didn't set to Quarantine
EG>>>C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.
Can you do the following
Ensure that you
PRINT these instructions or Save them too a Text file so you can follow along
Remain in Normal mode
Close down all unnecessary programs running in the background
This includes this Browser window
Find and delete this folder
C:\Program Files\MediaGateway <-folder
Load AVG-Antispyware
Follow these instructions CLOSELY
*Click the "Scanner" tab
* Click the "Settings" tab, Under "How to Act", click on "recommended action" and change to Quarantine and ensure that "Automatically generate report after every scan" is selected
* Click back to the "Scan" tab and then click on Complete System Scan.
* Let this scan complete, let it run uninterrupted
* AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
* Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Reboot the computer
Back in Windows
Go to the following link
http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free (http://\"http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free\")
Download and Install it
The installer to the latest version of AVG free is under
"AVG Free for Windows installation files"
Follow the instruction on that page to install the latest version
After you have successfully installed the latest version, ensure it is updated and run a Full system scan with AVG AntiVirus
Let it clean whatever it finds
Reboot the computer afterwards
Come back here and post one last hijackthis log and the new report from AVG AntiSpyware you saved earlier
Post by: Zaigar on December 08, 2006, 05:15:15 PM
Logfile of HijackThis v1.99.1
Scan saved at 2:10:27 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php (http://\"http://google.icq.com/search/search_frame.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com (http://\"http://google.icq.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox (http://\"http://www.google.ca/firefox\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab (http://\"https://www.e-games.com.my/com/EGamesPlugin.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab (http://\"http://www.cabal.co.kr/Include/SysInfo.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab\")
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab (http://\"http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:05:09 PM 12/8/2006
+ Scan result:
C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
D:\RO2\Gravity\RO\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
D:\RO2\Gravity\RO\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Zaigar's Realm\Cookies\zaigar's realm@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.30:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Post by: guestolo on December 08, 2006, 10:57:13 PM
Or was it disabled after you got the infection?
I don't see the Email scanner running after you installed AVG
Can you go to START>>RUN>>type in services.msc
Hit OK
On the right hand side, look for this service name
AVG E-mail Scanner
If found, double click on it and click the START button if allowed
Apply and exit out of there
Does fix.reg import now?
You did unzip it didn't you?
Can you right click on fix.reg and select EDIT
copy>>paste back here the contents please
Also post a fresh hijackthis log
Post by: Zaigar on December 10, 2006, 09:07:18 PM
And by the way, was it fix.reg or remove.reg? I'm sorta confused.
Post by: guestolo on December 11, 2006, 12:59:24 AM
Quote
And by the way, was it fix.reg or remove.reg? I'm sorta confused.
Post back the contents of both
Also, are you signed in as an Adminstrator on this computer?
If not, are there other users on this computer
Avg email scanner, I've posted to a couple other users about this
Let's see what they come up with
Post by: Zaigar on December 11, 2006, 02:57:14 AM
Post by: guestolo on December 11, 2006, 09:40:35 AM
Go to START>>Control Panel
Open User Accounts, Select your account
Are you the only user on the computer?
Also, I asked you this earlier
Have you disabled Microsoft Antispyware from running on startup
Or was it disabled after you got the infection?
Post by: Zaigar on December 11, 2006, 10:57:39 AM
I am the only user on the computer.
I do not remember disabling AntiSpyware from running on startup. I'm not sure what happened there, but it seems to be working fine.
On services.msc the startup type says Automatic.
Post by: guestolo on December 11, 2006, 07:51:15 PM
Quote
And by the way, was it fix.reg or remove.reg? I'm sorta confused.
Can you post the contents of both please
Post by: Zaigar on December 12, 2006, 12:30:40 AM
Post by: guestolo on December 12, 2006, 12:35:28 AM
copy>>paste back here the contents please
Post by: Zaigar on December 12, 2006, 02:00:49 AM
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]