Author Topic: Hijackthis Log- Help out please  (Read 874 times)

Anthony
« on: November 27, 2005, 12:18:24 PM »
Logfile of HijackThis v1.99.1
Scan saved at 12:10:43 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh2.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121445013046
O17 - HKLM\System\CCS\Services\Tcpip\..\{371D41B7-3A22-4B51-AB22-413EA552AA7E}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{371D41B7-3A22-4B51-AB22-413EA552AA7E}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{371D41B7-3A22-4B51-AB22-413EA552AA7E}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Help is very much appreciated. Thanks.

Also..here is a scan I did with AVG.

Virus identified Worm/Alcan.A C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP120\A0014095.exe 11/7/2005 8:19:35 AM A0014095.exe 413.76 KB
    Virus identified Worm/VB.CE C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP120\A0014096.exe 11/7/2005 8:19:35 AM A0014096.exe 752 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP27\A0004412.exe 11/7/2005 8:19:35 AM A0004412.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP27\A0004413.exe 11/7/2005 8:19:35 AM A0004413.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP27\A0004446.exe 11/7/2005 8:19:35 AM A0004446.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP27\A0004447.exe 11/7/2005 8:19:35 AM A0004447.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP27\A0004462.exe 11/7/2005 8:19:35 AM A0004462.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP28\A0004472.exe 11/7/2005 8:19:36 AM A0004472.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP30\A0004519.exe 11/7/2005 8:19:36 AM A0004519.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP31\A0004641.exe 11/7/2005 8:19:36 AM A0004641.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP34\A0004709.exe 11/7/2005 8:19:36 AM A0004709.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP38\A0006645.exe 11/7/2005 8:19:36 AM A0006645.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP38\A0006651.exe 11/7/2005 8:19:36 AM A0006651.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP39\A0006695.exe 11/7/2005 8:19:36 AM A0006695.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP41\A0006772.exe 11/7/2005 8:19:36 AM A0006772.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP41\A0006788.exe 11/7/2005 8:19:36 AM A0006788.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP41\A0006872.exe 11/7/2005 8:19:36 AM A0006872.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP42\A0006918.exe 11/7/2005 8:19:37 AM A0006918.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP42\A0006984.exe 11/7/2005 8:19:37 AM A0006984.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP42\A0006985.exe 11/7/2005 8:19:37 AM A0006985.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP42\A0007009.exe 11/7/2005 8:19:37 AM A0007009.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP42\A0007027.exe 11/7/2005 8:19:37 AM A0007027.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP44\A0007210.exe 11/7/2005 8:19:37 AM A0007210.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP44\A0007239.exe 11/7/2005 8:19:37 AM A0007239.exe 341.9 KB
    Trojan horse Downloader.Dyfica.2.BA C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP44\A0007245.dll 11/7/2005 8:19:37 AM A0007245.dll 35.75 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP44\A0007320.exe 11/7/2005 8:19:37 AM A0007320.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP44\A0007354.exe 11/7/2005 8:19:37 AM A0007354.exe 341.9 KB
    Trojan horse Downloader.Dyfica.3.AL C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP45\A0007374.exe 11/7/2005 8:19:37 AM A0007374.exe 50.88 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP46\A0007494.exe 11/7/2005 8:19:38 AM A0007494.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP47\A0007530.exe 11/7/2005 8:19:38 AM A0007530.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP48\A0008535.exe 11/7/2005 8:19:38 AM A0008535.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP49\A0008565.exe 11/7/2005 8:19:38 AM A0008565.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP51\A0008641.exe 11/7/2005 8:19:38 AM A0008641.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP51\A0008680.exe 11/7/2005 8:19:38 AM A0008680.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP53\A0008730.exe 11/7/2005 8:19:38 AM A0008730.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP60\A0008870.exe 11/7/2005 8:19:38 AM A0008870.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP61\A0008878.exe 11/7/2005 8:19:38 AM A0008878.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP64\A0010864.exe 11/7/2005 8:19:38 AM A0010864.exe 341.9 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP64\A0010881.exe 11/7/2005 8:19:38 AM A0010881.exe 341.9 KB
    Trojan horse Downloader.Dyfica.3.AK C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP65\A0010924.exe 11/7/2005 8:19:39 AM A0010924.exe 50.88 KB
    Trojan horse IRC/BackDoor.SdBot.185.AG C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP72\A0012160.exe 11/7/2005 8:19:39 AM A0012160.exe 341.9 KB
    Trojan horse Dialer.17.E C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP142\A0022155.dll 11/26/2005 8:25:46 AM A0022155.dll 164 KB
    Trojan horse Generic.CN C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP144\A0025336.exe 11/26/2005 8:25:46 AM A0025336.exe 28 KB
    Virus identified Worm/Alcan.A C:\Program Files\MsConfigs\MsConfigs.exe 11/6/2005 11:15:58 PM MsConfigs.exe 413.76 KB
    Virus identified Worm/VB.CE C:\Program Files\winupdates\winupdates.exe 11/6/2005 11:15:59 PM winupdates.exe 752 KB
    Virus identified Worm/VB.CE C:\Uploads\A1 DVD Audio Ripper v1.1.41.zip 11/6/2005 11:15:59 PM A1 DVD Audio Ripper v1.1.41.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Absoft.Neat.Image.Pro.Plus.Edition 4.0.zip 11/6/2005 11:15:59 PM Absoft.Neat.Image.Pro.Plus.Edition 4.0.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Absolute Sound Recorder v3.24.zip 11/6/2005 11:15:59 PM Absolute Sound Recorder v3.24.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Absolute Video Converter v2.5.8.zip 11/6/2005 11:15:59 PM Absolute Video Converter v2.5.8.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\ACD Systems FotoSlate v4.0.22.zip 11/6/2005 11:15:59 PM ACD Systems FotoSlate v4.0.22.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Ace HTML Pro.zip 11/6/2005 11:15:59 PM Ace HTML Pro.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Acme Photo ScreenSaver Maker 1.70.zip 11/6/2005 11:15:59 PM Acme Photo ScreenSaver Maker 1.70.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Acme Photo ScreenSaver Maker v1.8.zip 11/6/2005 11:15:59 PM Acme Photo ScreenSaver Maker v1.8.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\ActiveX Manager 1.4.zip 11/6/2005 11:15:59 PM ActiveX Manager 1.4.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Actual Windows Minimizer v3.7.zip 11/6/2005 11:15:59 PM Actual Windows Minimizer v3.7.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Advanced GIF Optimizer 4.0.zip 11/6/2005 11:15:59 PM Advanced GIF Optimizer 4.0.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Advanced Office Password Recovery v3.03.zip 11/6/2005 11:15:59 PM Advanced Office Password Recovery v3.03.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Advanced.MP3.WMA.Recorder 5.2.zip 11/6/2005 11:15:59 PM Advanced.MP3.WMA.Recorder 5.2.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Anti-P0rn 7.0.6.10.zip 11/6/2005 11:15:59 PM Anti-P0rn 7.0.6.10.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Apollo DVD Copy v4.5.1.zip 11/6/2005 11:15:59 PM Apollo DVD Copy v4.5.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\AutoRun Pro 6.0.0.40.zip 11/6/2005 11:15:59 PM AutoRun Pro 6.0.0.40.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Bad CD Repair Pro v3.05.zip 11/6/2005 11:15:59 PM Bad CD Repair Pro v3.05.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\BlindWrite 5.07.122.MultiLanguage.zip 11/6/2005 11:15:59 PM BlindWrite 5.07.122.MultiLanguage.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Calendar Builder v3.40.zip 11/6/2005 11:15:59 PM Calendar Builder v3.40.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Canopus Xplode For EDIUS 4.0.zip 11/6/2005 11:15:59 PM Canopus Xplode For EDIUS 4.0.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Casesoft.Depprep 1.0.0.5.zip 11/6/2005 11:15:59 PM Casesoft.Depprep 1.0.0.5.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\CrusherX.Live 3.2.1.4.BiLiNGUAL.zip 11/6/2005 11:15:59 PM CrusherX.Live 3.2.1.4.BiLiNGUAL.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\CuteFTP Pro 7.0 Final.zip 11/6/2005 11:15:59 PM CuteFTP Pro 7.0 Final.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\CuteFTP.Pro 3.1.Build.2.18.1.zip 11/6/2005 11:16:00 PM CuteFTP.Pro 3.1.Build.2.18.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Dr. Hardware 2004 5.5.0e FULL.zip 11/6/2005 11:16:00 PM Dr. Hardware 2004 5.5.0e FULL.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\DVDReMake Pro 3.1.zip 11/6/2005 11:16:00 PM DVDReMake Pro 3.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\DynSite v1.11.788.3.zip 11/6/2005 11:16:00 PM DynSite v1.11.788.3.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\EF.Duplicate.Files.Manager 1.40.zip 11/6/2005 11:16:00 PM EF.Duplicate.Files.Manager 1.40.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\EzDNS 1.69a.zip 11/6/2005 11:16:00 PM EzDNS 1.69a.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\File Substring Replacement Utility v9.1.zip 11/6/2005 11:16:00 PM File Substring Replacement Utility v9.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\FinePrint pdfFactory Pro v2.43.zip 11/6/2005 11:16:00 PM FinePrint pdfFactory Pro v2.43.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\FlasherShop 3.1.0.181.zip 11/6/2005 11:16:00 PM FlasherShop 3.1.0.181.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Folder Security pro 3.00.0190.zip 11/6/2005 11:16:00 PM Folder Security pro 3.00.0190.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\FrontPage 2005 English.zip 11/6/2005 11:16:00 PM FrontPage 2005 English.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\GetRight 5.2a.zip 11/6/2005 11:16:00 PM GetRight 5.2a.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\IconCool Studio 1.2 Build 624.zip 11/6/2005 11:16:00 PM IconCool Studio 1.2 Build 624.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\ICopyDVDs2 Standard Edition 4.0.0.31.zip 11/6/2005 11:16:00 PM ICopyDVDs2 Standard Edition 4.0.0.31.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Inno Setup Compiler 5.1.4.zip 11/6/2005 11:16:00 PM Inno Setup Compiler 5.1.4.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\InstallBuilder 2.6.1.zip 11/6/2005 11:16:00 PM InstallBuilder 2.6.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Jasc Paint Shop Pro v9.0.1.zip 11/6/2005 11:16:00 PM Jasc Paint Shop Pro v9.0.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\JPEG Resizer 2.1.zip 11/6/2005 11:16:00 PM JPEG Resizer 2.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Kingdia DVD Audio Ripper v1.6.3.zip 11/6/2005 11:16:00 PM Kingdia DVD Audio Ripper v1.6.3.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Kingdia DVD Ripper Pro v2.4.3.zip 11/6/2005 11:16:00 PM Kingdia DVD Ripper Pro v2.4.3.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Longtion GIF Animator 4.0.0.28.zip 11/6/2005 11:16:00 PM Longtion GIF Animator 4.0.0.28.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Macro Express 3.5.4.1.zip 11/6/2005 11:16:00 PM Macro Express 3.5.4.1.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Macromedia Dreamweaver MX 2004.zip 11/6/2005 11:16:00 PM Macromedia Dreamweaver MX 2004.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\MagicTweak & Yanicsoft Products.zip 11/6/2005 11:16:00 PM MagicTweak & Yanicsoft Products.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\McAfee VirusScan v10.0.21.zip 11/6/2005 11:16:01 PM McAfee VirusScan v10.0.21.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Mighty Fax v3.19.zip 11/6/2005 11:16:01 PM Mighty Fax v3.19.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Mobile Master Pro v5.3.6.617 Multilanguage.zip 11/6/2005 11:16:01 PM Mobile Master Pro v5.3.6.617 Multilanguage.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Multi Tone Generator 1.6.zip 11/6/2005 11:16:01 PM Multi Tone Generator 1.6.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\MusicLab.Guitar.Rhythm.Pattern.Library.V.zip 11/6/2005 11:16:01 PM MusicLab.Guitar.Rhythm.Pattern.Library.V.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\NewsLeecher 2.0.zip 11/6/2005 11:16:01 PM NewsLeecher 2.0.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Panda Platinum Internet Security 2005.zip 11/6/2005 11:16:01 PM Panda Platinum Internet Security 2005.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\PC OMR v6.5.zip 11/6/2005 11:16:01 PM PC OMR v6.5.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Print2PDF Server Edition 5.0.05.0729.zip 11/6/2005 11:16:01 PM Print2PDF Server Edition 5.0.05.0729.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Print2PDF Server Edition v5.0.05.0729.zip 11/6/2005 11:16:01 PM Print2PDF Server Edition v5.0.05.0729.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\QuickTime Pro 7.0.2a63.zip 11/6/2005 11:16:01 PM QuickTime Pro 7.0.2a63.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\RegDoctor v1.38.zip 11/6/2005 11:16:01 PM RegDoctor v1.38.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Replay Music 2.01.zip 11/6/2005 11:16:01 PM Replay Music 2.01.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Rife Generator 3.0.zip 11/6/2005 11:16:01 PM Rife Generator 3.0.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Secura Archiver 1.6.zip 11/6/2005 11:16:01 PM Secura Archiver 1.6.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Selteco Flash Designer v5.0.20.6.zip 11/6/2005 11:16:01 PM Selteco Flash Designer v5.0.20.6.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Sinner GigAlarm v1.271.zip 11/6/2005 11:16:01 PM Sinner GigAlarm v1.271.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Sinner JukeBx v1.110.zip 11/6/2005 11:16:01 PM Sinner JukeBx v1.110.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\SpyRemover 2.26.zip 11/6/2005 11:16:01 PM SpyRemover 2.26.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Style XP 3.10.zip 11/6/2005 11:16:01 PM Style XP 3.10.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Super Video Splitter v1.8.zip 11/6/2005 11:16:01 PM Super Video Splitter v1.8.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\System Information Software All in one.zip 11/6/2005 11:16:01 PM System Information Software All in one.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\TFTPDWIN 0.3.zip 11/6/2005 11:16:01 PM TFTPDWIN 0.3.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\top 8 Screen Capture Apps.zip 11/6/2005 11:16:01 PM top 8 Screen Capture Apps.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Turbo C++ 3.0 Compiler.zip 11/6/2005 11:16:02 PM Turbo C++ 3.0 Compiler.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\UEStudio 05.00.zip 11/6/2005 11:16:02 PM UEStudio 05.00.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Warez P2P 2.85 .zip 11/6/2005 11:16:02 PM Warez P2P 2.85 .zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Web Dumper 2.23-Web site downloader.zip 11/6/2005 11:16:02 PM Web Dumper 2.23-Web site downloader.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\WinCHM 2.5.zip 11/6/2005 11:16:02 PM WinCHM 2.5.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Windows XP Pro 62Bit.zip 11/6/2005 11:16:02 PM Windows XP Pro 62Bit.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Windows.Codename.Longhorn.zip 11/6/2005 11:16:02 PM Windows.Codename.Longhorn.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\WinXP Manager 4.92.2 full.zip 11/6/2005 11:16:02 PM WinXP Manager 4.92.2 full.zip 69.4 KB
    Virus identified Worm/VB.CE C:\Uploads\Word2tex v 3.0.zip 11/6/2005 11:16:02 PM Word2tex v 3.0.zip 69.4 KB
    Trojan horse Proxy.AAX C:\Program Files\Microsoft AntiSpyware\Quarantine\13A9527D-B802-44BC-9A8B-ABE7AB\1563E677-0820-41AE-B28C-3E82A6 11/22/2005 7:55:44 PM 1563E677-0820-41AE-B28C-3E82A6 54.54 KB
    Trojan horse Proxy.AAX C:\Program Files\Microsoft AntiSpyware\Quarantine\C0FBD386-419E-48B5-AE5C-E8CEF5\9B234AAF-6E3A-42B4-AAB2-449C56 11/22/2005 7:55:44 PM 9B234AAF-6E3A-42B4-AAB2-449C56 54.66 KB
    Trojan horse Collected.Z C:\WINDOWS\tool4.exe 11/22/2005 7:55:44 PM tool4.exe 1024 bytes
    Trojan horse BackDoor.Generic.ONN C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021742.exe 11/23/2005 8:14:24 AM A0021742.exe 52 KB
    Trojan horse Downloader.Generic.HEP C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021768.exe 11/23/2005 8:14:24 AM A0021768.exe 11 KB
    Trojan horse Downloader.Generic.JMC C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021770.exe 11/23/2005 8:14:24 AM A0021770.exe 3.74 KB
    Trojan horse Proxy.AHJ C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021772.exe 11/23/2005 8:14:24 AM A0021772.exe 38.54 KB
    Trojan horse Proxy.AHJ C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021773.exe 11/23/2005 8:14:24 AM A0021773.exe 38.54 KB
    Trojan horse Dropper.Generic.BUW C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021776.exe 11/23/2005 8:14:25 AM A0021776.exe 64.52 KB
    Trojan horse Collected.Z C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP137\A0021777.exe 11/23/2005 8:14:25 AM A0021777.exe 1024 bytes
    Trojan horse PSW.Generic.DZN C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0021980.dll 11/23/2005 8:14:25 AM A0021980.dll 63 KB
    Trojan horse PSW.Generic.DZP C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0021981.exe 11/23/2005 8:14:25 AM A0021981.exe 2.5 KB
    Trojan horse PSW.Generic.EGU C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0021982.dll 11/23/2005 8:14:25 AM A0021982.dll 68 KB
    Trojan horse Collected.Z C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0021984.exe 11/23/2005 8:14:25 AM A0021984.exe 1024 bytes
    Trojan horse Downloader.Generic.HEP C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0021987.exe 11/23/2005 8:14:25 AM A0021987.exe 11 KB
    Trojan horse Downloader.Generic.GUK C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0022003.exe 11/23/2005 8:14:25 AM A0022003.exe 23.38 KB
    Trojan horse Proxy.AHT C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0022004.exe 11/23/2005 8:14:25 AM A0022004.exe 38.66 KB
    Trojan horse Proxy.AHT C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0022005.exe 11/23/2005 8:14:25 AM A0022005.exe 38.66 KB
    Trojan horse PSW.Generic.DZP C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP139\A0022057.exe 11/23/2005 8:14:25 AM A0022057.exe 2.5 KB
    Trojan horse Collected.Z C:\System Volume Information\_restore{6B331E2B-4907-4B4D-8D52-BB121CFFEE72}\RP140\A0022071.exe 11/23/2005 8:14:25 AM A0022071.exe 1024 bytes
« Last Edit: November 27, 2005, 12:49:21 PM by Anthony »

Anthony
« Reply #1 on: November 28, 2005, 09:53:25 PM »
You people aren't very supportive.

guestolo
« Reply #2 on: November 28, 2005, 10:04:58 PM »
Sorry Anthony, busy at work and try to get on when I can
Do you still need a hand?
You never indicated what problems you are having
I can assume by looking at your AVG log, but please let me know

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Anthony
« Reply #3 on: November 29, 2005, 09:28:23 PM »
Yeah, I still need help. My problems are viruses, spyware and adware. Is there anything that looks suspicious in the log there?

guestolo
« Reply #4 on: November 29, 2005, 11:26:06 PM »
Yes, I see things that still may give you trouble

Can you do the following please
When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open

Can you open "My Computer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder, name it BFU
So you now have C:\BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders, cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode

Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Perform action with all infections
 
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Anthony

« Reply #5 on: November 30, 2005, 11:10:04 PM »
Okay. I did everything you told me. Here are the results. Thanks for the help, by the way. Any problems?

HiJack Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:05:55 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{371D41B7-3A22-4B51-AB22-413EA552AA7E}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{371D41B7-3A22-4B51-AB22-413EA552AA7E}: NameServer = 64.136.28.120 64.136.20.120
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe





Ewido Log:
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:00:41 PM, 11/29/2005
 + Report-Checksum:      D52E2CCE

 + Scan result:

   C:\data -> TrojanDownloader.IstBar.nh : Cleaned with backup
   C:\WINDOWS\system32\mpegcore.dll -> Spyware.MediaBack : Cleaned with backup


::Report End
« Last Edit: November 30, 2005, 11:11:03 PM by Anthony »

Offline guestolo

« Reply #6 on: November 30, 2005, 11:18:18 PM »
How's everything on your end?

Many of those files found bad from AVG were in your system restore folders
We'll have to clean that

Additionally,
The majority of problems AVG detected were probably downloaded from a FileSharing program
You must scan your downloads with an updated virus scan before you try and open them

Some final cleanup
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."


Offline Anthony

« Reply #7 on: December 01, 2005, 12:12:51 AM »
Thanks for all of your help. You don't know of any other actions that should be taken? Just curious.

Offline guestolo

« Reply #8 on: December 01, 2005, 12:42:36 AM »
Looks good
I take it everything is running fine then?


Offline Anthony

« Reply #9 on: December 01, 2005, 12:48:08 AM »
I can't complain. Especially considering how horrible my computer was before this little experiment. It's much faster and there are a lot less lag issues. I appreciate it, once again. Thanks.

Offline guestolo

« Reply #10 on: December 02, 2005, 12:28:04 AM »
I'll lock this topic as your problems appear resolved
Take Care Anthony :)
