
Hijackthis Log


  • This topic is locked
8 replies to this topic

#1 PranKster

PranKster

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 19 April 2007 - 10:47 PM

This is my first scan log and I would appreciate any help and advice. I'm getting really mad connections and page loads for some reason.


Logfile of HijackThis v1.99.1
Scan saved at 11:27:26 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeoplePC Accelerated\PropelAC.exe
C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Chris\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\PropelAC.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115764014157
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57A153-D431-4463-BBDA-14A8ACB941FF}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 April 2007 - 05:29 AM

PranKster :D

Welcome to Tom Coyote. You do have a few issues malware wise going on that we need to fix.

First go into your Add-Remove Programs in the Control Panel and uninstall RXtoolbar if it will let you.

Then run just Option # 1 for Smitfraud and post the report for me to see.

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 PranKster


Posted 23 April 2007 - 10:15 AM

okay got all of that but it won't let me remove Rxtoolbar but it has showed up in an AVG anti-virus and spyware scan but it overlooks it. That's strange but, here is my Smitfraud log. Thanks for the help!

SmitFraudFix v2.171

Scan done at 11:05:45.69, Mon 04/23/2007
Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeoplePC Accelerated\PropelAC.exe
C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe
C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Chris\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 209.244.0.3
DNS Server Search Order: 209.244.0.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE57A153-D431-4463-BBDA-14A8ACB941FF}: NameServer=209.244.0.3 209.244.0.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#4 ken545


Posted 23 April 2007 - 10:45 AM

Let's do this, I didn't think it would let you uninstall that toolbar. It's malware.


You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

You need to enable windows to show all files and folders, instructions Here

Download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop. <-- In case you removed it

You have AVG Anti-Spyware installed, have it set up this way, make sure to follow the instructions as to setting it to either remove or quarantine what it finds. It's important that I see the report so make sure you save it, it will tell me what was and what was not removed along with possible telltale signs of what may be hiding on your system. Without the report my hands are tied.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.


Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.


O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
<-- This is Smitfraud




Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode

  • Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart into normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt





Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start> Control Panel and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete Offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button.
  • Click Apply then OK.





  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5
IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:



Still in Safemode, delete this folder.
C:\Program Files\RXToolBar





Reboot normally.

  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter
  • Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.




Reboot and run this system cleaner.

If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan <-- After it scans your system, when you click on the Fix button and it asks you to backup the Registry, say Yes
Tutorial for CCleaner



I need to see the log from Smitfraud, AVG and New HJT log please.


#5 PranKster


Posted 23 April 2007 - 03:42 PM

Okay, that seems to have taken forever but, here are the logs. I scanned in the order by the directions but, copied and pasted in the wrong order sorry about that and thank ya much for your help! Oh, I set the AVG to quarantine in settings but it deleted the things it found. I copied this report before....

SmitFraudFix v2.171

Scan done at 15:01:54.34, Mon 04/23/2007
Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 209.244.0.3
DNS Server Search Order: 209.244.0.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE57A153-D431-4463-BBDA-14A8ACB941FF}: NameServer=209.244.0.3 209.244.0.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C41AE2E2-5D9C-4CFC-9C07-2B92B61D1DDB}: DhcpNameServer=68.87.68.162 68.87.74.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:15:49 PM 4/23/2007

+ Scan result:



:mozilla.65:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.71:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.73:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.75:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.18:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.21:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.134:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.135:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.136:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.137:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.138:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.139:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.22:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.231:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.237:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.238:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.239:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.240:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.19:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.20:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.222:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.223:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.227:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.228:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.229:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.230:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.215:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.216:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.217:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.218:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.219:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.100:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.89:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.91:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.92:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.93:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.94:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.97:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.98:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.99:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.101:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.151:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.152:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.24:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.28:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.31:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2baus5oy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:58:04 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeoplePC Accelerated\PropelAC.exe
C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe
C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe
C:\Documents and Settings\Chris\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\PropelAC.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115764014157
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57A153-D431-4463-BBDA-14A8ACB941FF}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Edited by PranKster, 23 April 2007 - 03:44 PM.


#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 April 2007 - 05:30 PM

You did just fine :thumbup: You haven't by chance run HJT in Safe Mode, as it seems pretty lean? If you did, post a log in normal Windows. All AVG found were cookies, so no sweat there :thumbup: The rest of your log looks fine. How are things running now?

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 PranKster

Posted 23 April 2007 - 10:17 PM

Things are doing pretty much well right now. No, I haven't run HJT in Safe Mode, but I may need to do that. Thank ya for all the help, and I'm very appreciative :)

#8 ken545

Posted 24 April 2007 - 04:52 AM

PranKster :D

Glad all is well :thumbup: Here is some info and FREE programs to install to help keep you more secure on the internet.

Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard-earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.

How did I get infected in the first place? Read these links and find out how to prevent getting infected again.

Here are some free programs to install, don't leave home without them:
  • Spybot Search and Destroy 1.4
    Check for Updates/Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster
    It will prevent most spyware from ever being installed.
  • Spyware Guard
    It offers realtime protection from spyware installation attempts.
  • Win Patrol
    This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0
    It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, and you can use them both.
  • Zone Alarm
    Here is a free Firewall from Zone Labs. I wouldn't access the internet without it.

Thanks for stopping by Tom Coyote, I'm glad I was able to help you. :D

 
 

#9 ken545

Posted 01 May 2007 - 10:40 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 