[Resolved] Agloco


14 replies to this topic

#1 batfink

    New Member

  • Authentic Member
  • 7 posts

Posted 27 September 2007 - 04:03 PM

Hi, I have a problem I'm hoping you can help me with. I have a page that opens by itself roughly every hour, whether I am on the net or not. I have scanned with NOD32, Spy Sweeper and Spybot, but they do not seem to pick this problem up.

Logfile of HijackThis v1.99.1
Scan saved at 22:43:42, on 27/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system32\msnmsg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...rch&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MonAppli] C:\windows\system32\msnmsg.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180607037482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180607184248
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D0F0FC-D1C8-433E-B932-23E8E70A9442}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


I hope someone can help me with this I'm a bit lost with it :blush:



#2 IndiGenus

    Teacher Emeritus

  • Authentic Member
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 27 September 2007 - 07:07 PM

Hi batfink and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • NOTE: Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate your taking your computer to a repair shop.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start, if possible.


=============================================================================

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes.
Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.

---------------------------------------

Run HijackThis. Hit None of the above, then click Do a System Scan Only. Put a check in the box on the left side of these:

O4 - HKLM\..\Run: [MonAppli] C:\windows\system32\msnmsg.exe

Then close all windows except this one and press Fix checked.

----------------------------------------

We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

----------------------------------------

Using Windows Explorer delete the following file:

C:\windows\system32\msnmsg.exe


Now reboot and post a new HJT log. Let me know how it's doing now also.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 batfink

    New Member

  • Authentic Member
  • 7 posts

Posted 28 September 2007 - 08:27 AM

Hi, thanks for the prompt attention, very pleasing :D .

I have done as instructed. Also, Spybot said I might have a problem with ctfmon.exe; I have re-enabled this. Could you tell me whether to delete this or not please? :( I will have to report back on whether this has worked, because when ctfmon.exe was disabled the Agloco page didn't come up for about 2-3 hours. Once again, thanks for the prompt attention :thumbup: .


Logfile of HijackThis v1.99.1
Scan saved at 15:08:38, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...rch&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180607037482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180607184248
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D0F0FC-D1C8-433E-B932-23E8E70A9442}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

P.S. Also, I took some screenshots of the information about the Agloco page. Would these help in any way? If they might help, I can post these also :wacko:

#4 IndiGenus

    Teacher Emeritus

  • Authentic Member
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 28 September 2007 - 09:58 AM

CTFMon in your case is perfectly safe and harmless. Here is some info on it:

CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.
CTFMON can be disabled from Control Panel, Text & Speech Services. NOTE: The file will always be located in the System32 folder. If it is located elsewhere, it will likely be a worm or trojan!

P.S. Also, I took some screenshots of the information about the Agloco page. Would these help in any way? If they might help, I can post these also

No, hopefully we won't need them. As long as the pop-ups don't keep coming back.

Let's do an AVG AS scan and some cleanup too.

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports.
  • Under What to scan? - Select Scan every file.
Close all open windows.



Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


We Now Need To Boot Into Safe Mode

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Run AVG

  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button. This must be done before saving the report.
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.

Restart into normal mode and post the AVG Log and a new HJT Log. Also, how are things now?
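As an added illustration (not part of this thread and not HijackThis code), here is a small Python helper that does two things Dave did by eye above: it diffs the O4 Run entries between batfink's first and second logs, so the MonAppli/msnmsg.exe entry removed in post #2 shows up as gone, and it applies the rule from post #4 that ctfmon.exe is only trustworthy when it lives in System32. The log excerpts are trimmed from the two logs posted above plus one constructed suspicious case; the System32 path is assumed to be the XP default.

```python
"""HijackThis v1.99 log helper: diff O4 Run entries and check ctfmon.exe location."""
import re
from typing import Dict, List, Tuple

# Run-style O4 lines, e.g.  O4 - HKLM\..\Run: [MonAppli] C:\windows\system32\msnmsg.exe
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')

# Assumption: XP default location; change this if %SystemRoot% is not C:\WINDOWS.
SYSTEM32 = r'c:\windows\system32'

# Constructed excerpt trimmed from the first log in the thread (before the fix).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\msnmsg.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MonAppli] C:\windows\system32\msnmsg.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Constructed excerpt trimmed from the second log (after the fix and reboot).
LOG_AFTER = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed example of what the System32 rule is meant to catch.
LOG_SUSPICIOUS = r"""Running processes:
C:\WINDOWS\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe
"""


def parse_o4(log: str) -> Dict[Tuple[str, str], str]:
    """Return {(hive, value name): command line} for every Run-style O4 line."""
    entries: Dict[Tuple[str, str], str] = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group('hive'), m.group('name'))] = m.group('cmd').strip()
    return entries


def exe_path(cmd: str) -> str:
    """Pull the image path out of a Run command, handling quoted paths and switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first '.exe' followed by whitespace or end of line,
    # so a space inside 'Program Files' is kept and '/P30' or '-hide' switches are dropped.
    m = re.match(r'^(.*?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def diff_o4(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) O4 entries; a changed command shows up in both lists."""
    b, a = parse_o4(before), parse_o4(after)

    def fmt(key: Tuple[str, str], cmd: str) -> str:
        return f"{key[0]} [{key[1]}] {cmd}"

    removed = sorted(fmt(k, v) for k, v in b.items() if a.get(k) != v)
    added = sorted(fmt(k, v) for k, v in a.items() if b.get(k) != v)
    return removed, added


def check_ctfmon(log: str) -> List[str]:
    """Apply the thread's rule: ctfmon.exe is benign only when it lives in System32.

    Looks at both the 'Running processes' lines and the O4 Run entries; returns one
    finding per path outside System32 (empty list means nothing to worry about).
    """
    paths: List[str] = []
    for line in log.splitlines():
        s = line.strip()
        if s.lower().endswith('\\ctfmon.exe') and not s.startswith('O4'):
            paths.append(s)  # a running-process line is a bare path
    for cmd in parse_o4(log).values():
        p = exe_path(cmd)
        if p.lower().endswith('ctfmon.exe'):
            paths.append(p)
    findings = []
    for p in paths:
        parent = p.rsplit('\\', 1)[0].lower()
        if parent != SYSTEM32:
            findings.append(f'ctfmon.exe outside System32: {p}')
    return findings


if __name__ == "__main__":
    removed, added = diff_o4(LOG_BEFORE, LOG_AFTER)
    print("O4 entries gone after the fix:")
    for r in removed:
        print("  -", r)
    print("O4 entries new after the fix:")
    for a in added:
        print("  +", a)
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER), ("suspicious", LOG_SUSPICIOUS)):
        print(f"ctfmon check ({label}):", check_ctfmon(log) or "ok")
```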


#5 batfink

    New Member

  • Authentic Member
  • 7 posts

Posted 28 September 2007 - 06:18 PM

Hi, here are the logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:55:16 29/09/2007

+ Scan result:



:mozilla.330:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.243:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.396:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.35:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.210:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.211:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.212:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.213:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.214:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.329:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.36:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.124:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.125:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.126:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.127:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.128:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.204:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.250:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.305:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.207:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.130:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.131:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.132:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.135:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.198:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.199:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.200:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.201:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.203:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.220:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.221:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.222:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.251:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.28:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.300:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.301:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.302:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.303:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.307:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.310:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.320:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.407:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.84:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.289:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Etracker : No action taken.
:mozilla.290:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Etracker : No action taken.
:mozilla.169:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.196:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.218:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.258:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.264:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.265:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.291:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.365:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.39:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.268:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.269:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.89:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Intelli-direct : No action taken.
:mozilla.208:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.209:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.190:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.76:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.54:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.55:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.56:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.57:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.58:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.59:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.60:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.115:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.116:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.117:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.118:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.179:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.180:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.181:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.182:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.183:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.219:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.62:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.63:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.65:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.235:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.237:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.351:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.352:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.353:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.381:C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Program Files\Your Uninstaller 2006\uruninstaller.exe -> Trojan.Small : No action taken.


::Report end

------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 01:10:28, on 29/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...rch&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180607037482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180607184248
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D0F0FC-D1C8-433E-B932-23E8E70A9442}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

-----------------------------

When I entered safe mode I couldn't see all the buttons in AVG, so I am not sure if it quarantined or not, because it's not in the quarantine folder in normal mode :(

#6 IndiGenus

Posted 28 September 2007 - 06:29 PM

No, it didn't quarantine anything. That's not a big deal, as everything it found was only cookies except this item: C:\Program Files\Your Uninstaller 2006\uruninstaller.exe -> Trojan.Small : No action taken. Did you download this program, Your Uninstaller 2006? It does appear to be legit; I've never used it, though. It may be a false positive from AVG. How is it running? Looks clean to me.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi
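The triage in the reply above (tracking cookies are noise, the one non-cookie hit that AVG left with 'No action taken' still needs a decision) can be done mechanically over an AVG Anti-Spyware report. This is an added example, not code from the thread or from AVG; the line format is taken from the report pasted above, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass

# One AVG Anti-Spyware detection per line:  <object> -> <detection name> : <action>
LINE_RE = re.compile(r"^(?P<obj>.+?) -> (?P<name>[^:]+?) : (?P<action>.+)$")


@dataclass(frozen=True)
class Detection:
    obj: str      # file path, or ':mozilla.<n>:<cookies.txt path>' for a Firefox cookie
    name: str     # e.g. 'TrackingCookie.Esomniture' or 'Trojan.Small'
    action: str   # e.g. 'No action taken.'

    @property
    def is_tracking_cookie(self) -> bool:
        return self.name.startswith("TrackingCookie.")

    @property
    def was_handled(self) -> bool:
        # AVG writes 'No action taken.' when the item was neither cleaned nor quarantined.
        return not self.action.lower().startswith("no action")


def parse_report(text: str) -> list:
    """Parse the detection lines of an AVG Anti-Spyware report; other lines are ignored."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):  # blank lines and the '::Report end' marker
            continue
        m = LINE_RE.match(line)
        if m:
            found.append(Detection(m["obj"], m["name"].strip(), m["action"].strip()))
    return found


def triage(detections: list) -> dict:
    """Sort detections the way the helper read this report: tracking cookies are
    low-risk noise, everything else is reviewed, and anything AVG left untouched
    ('No action taken') still needs a decision."""
    cookies = [d for d in detections if d.is_tracking_cookie]
    review = [d for d in detections if not d.is_tracking_cookie]
    unhandled = [d for d in review if not d.was_handled]
    return {"cookies": cookies, "review": review, "unhandled": unhandled}


def cookie_vendors(detections: list) -> dict:
    """Count cookie hits per tracker family, e.g. {'Esomniture': 2}."""
    counts = {}
    for d in detections:
        if d.is_tracking_cookie:
            vendor = d.name.split(".", 1)[1]
            counts[vendor] = counts.get(vendor, 0) + 1
    return counts


# Constructed sample in the report's format (a handful of lines, not the full log).
COOKIE_FILE = r"C:\Documents and Settings\Beany\Application Data\Mozilla\Firefox\Profiles\znobrxo7.default\cookies.txt"
SAMPLE_REPORT = "\n".join([
    f":mozilla.210:{COOKIE_FILE} -> TrackingCookie.Advertising : No action taken.",
    f":mozilla.211:{COOKIE_FILE} -> TrackingCookie.Advertising : No action taken.",
    f":mozilla.130:{COOKIE_FILE} -> TrackingCookie.Esomniture : No action taken.",
    f":mozilla.131:{COOKIE_FILE} -> TrackingCookie.Esomniture : No action taken.",
    f":mozilla.76:{COOKIE_FILE} -> TrackingCookie.Paypal : No action taken.",
    r"C:\Program Files\Your Uninstaller 2006\uruninstaller.exe -> Trojan.Small : No action taken.",
    "",
    "::Report end",
])

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(result['cookies'])} tracking cookies, {len(result['review'])} other detections")
    for d in result["unhandled"]:
        print(f"needs a decision: {d.obj} ({d.name})")
```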


#7 batfink

Posted 29 September 2007 - 06:43 AM

Hi, yes, I did d/l the prog; it did seem to work alright. I did an AVG scan in normal mode and quarantined it, and then tried running the prog, which wouldn't load, so I restored it and it loaded normally. I will keep an eye on it, though. I use this to uninstall programs because it takes out all the registry keys and things left behind by Add/Remove or the program's uninstaller (I had trouble before with stuff left behind by uninstalls). Do you think I should uninstall this prog? :(

#8 IndiGenus

Posted 29 September 2007 - 07:11 AM

No, I think the program is safe from what I can tell; I'm just not familiar with it. I would keep it if it works for you.

How is it running?

Let's do a Kaspersky scan.

Using Internet Explorer, click on Kaspersky Online Scanner.
* Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky. Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'.
* In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database: 'Extended' (if available, otherwise 'Standard')
  o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'.
* Now under 'Select a target to scan' select 'My Computer'.
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button.
* Make sure it says Save as a text file - change it if not.
* Save the file to your desktop.

Please post the Kaspersky report and a new HijackThis log.

#9 batfink

Posted 30 September 2007 - 06:32 AM

Hi Dave, here are the logs as requested:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 30, 2007 1:09:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 30/09/2007
Kaspersky Anti-Virus database records: 425471
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 55891
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:58:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0339EE81-95B4-48A2-9ECA-651A22E4EFAB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07612802-E7A3-4AB9-B5A9-616FE2A483AB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07FFFC5A-D927-4E68-8DC3-3C0274984796.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09363ED4-0949-4DD9-A315-343E3E02F97B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09D2BF09-0DA1-4B9E-8184-A004E4EC5DF9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0C8FC16D-D2CE-42E0-A16C-D45167D54BE0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CC8116B-6382-407D-A4B3-0ACC8979A465.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0FBBD8D5-E10E-4D34-99E5-A209EBBC5697.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14FD868F-32E7-4806-858C-3FBC2D8C7CDA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS17F607FE-5AD9-419C-8FAE-10338658C1E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1B09A276-B36F-45A3-9843-4DF6B60260A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1F7B81EE-637B-42F0-AC8F-BBAF0DF4313F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS240A5131-AB26-4179-85FE-1F18F51AF0B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C4B31AF-B635-4B46-91F8-C4C0CA92B597.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E62B905-A473-492B-AD7E-B6482FC9966A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2F8D5523-A2FB-4E94-957C-B4B74714601C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS32EF9BF2-DE37-41FF-8CE5-5F919A0396D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS35F2539A-0BBC-47C6-B6B7-8817E3F34859.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS39CF51E8-2156-4FA9-9E4A-AACA3C7FC399.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS44EBB61F-5B27-4567-A94C-F3C56A686A51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4E42E920-499B-4EFE-867C-5B6E28BA0DA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4F3C165C-F560-4F1D-92C2-75AAEF354D61.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS517B90D3-556F-4BAC-A79A-4F33C010D6DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS55D253BD-540A-4AF8-AC57-8FBFA99B1E89.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57F49249-BD10-4CD5-B9D6-647FCED146A9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C216C3C-D7AF-4E9F-8CDF-E04B6502C2B2.tmp Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

Scan process completed.

--------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 13:20:34, on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...rch&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180607037482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180607184248
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D0F0FC-D1C8-433E-B932-23E8E70A9442}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--------------------------------

Hi Dave, I'm not sure if this is related or not, but since doing these things my screen will turn off (as in still powered, but a black screen, and the power button turns yellow), and when you first load it will go to the accounts screen; when you select an account it will go to load, then turns off. I did have a problem before with freezing now and then, but this seems to be happening more now? :(

Thanks for all this help :thumbup:
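A small triage helper for the HijackThis log format shown above, added here as an example; it is not part of the thread and not code from HijackThis. It splits the R/O entry lines into sections and flags the entry types a helper looks at first (orphaned BHOs, autoruns that use a bare executable name, static DNS servers, AppInit_DLLs). The sample lines are a constructed subset modelled on the log above, and the review rules are my own heuristics, not verdicts.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of entry lines in HijackThis v1.99.1 format,
# modelled on the log posted in this thread (not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D0F0FC-D1C8-433E-B932-23E8E70A9442}: NameServer = 62.30.112.39,194.117.134.19
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: interceptor.dll".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# O4 body: "<registry key or startup folder>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

Entry = Dict[str, str]


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into section/body entries, skipping headers and process lists."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def review_entry(entry: Entry) -> Optional[str]:
    """Return a reason to look closer at an entry, or None. Heuristics only, not verdicts."""
    section, body = entry["section"], entry["body"]
    if section == "O2" and body.endswith("(no file)"):
        return "orphaned BHO: CLSID still registered but the DLL is gone; harmless leftover, safe to fix"
    if section == "O4":
        m = O4_RE.match(body)
        if m and not m.group("command").startswith('"'):
            exe = m.group("command").split(" ", 1)[0]
            if not DRIVE_PATH_RE.match(exe):
                return (f"autorun [{m.group('name')}] runs bare name {exe}; "
                        "confirm which file on the search path it resolves to")
        return None
    if section == "O17":
        return "static DNS servers set on an interface; confirm they belong to your ISP"
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        return "AppInit_DLLs loads this DLL into every user32-linked process; verify its origin"
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, reason) for every entry the heuristics flag, in log order."""
    flagged = []
    for entry in parse_hjt(text):
        reason = review_entry(entry)
        if reason:
            flagged.append((entry["section"], entry["body"], reason))
    return flagged


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {reason}")
```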

#10 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 30 September 2007 - 02:26 PM

No, the display issue does not sound like or appear to be malware related. It sounds like a hardware issue, possibly the monitor itself, video card, or connections. You should check the connections at both ends, the computer and the monitor. Can't think of what else it would be. Other than that, how is it running (once you can see it running)?
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#11 batfink

batfink

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 01 October 2007 - 10:00 AM

Hi Dave, when I start the comp now it goes to boot, then just goes black, so I turn it off then back on and it will work OK for about 10 mins, then it will freeze, so I turn it off and back on again and it will work like it should. Otherwise it is working fine now, thanks to you :thumbup:. I think it may be time for a new one :(. When I did the Kaspersky scan it did say I had 1 virus; do you think it is the same one that AVG reported about your uninstaller? :wacko:

#12 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 01 October 2007 - 10:36 AM

Doesn't seem to be heat related, or at least overheating. As you say, it keeps working fine after a while. Maybe it needs to "warm up", like an old car. :lol: ;) Sorry, just kidding. I would throw another monitor on there first and see if that solves it.

Kaspersky reported this as infected.

C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

CloseApp is a small command-line tool which closes all the running instances of the process whose executable name is specified as a parameter.

It's a free download. Sound familiar? I think it's fine. Many times Kaspersky will report things that aren't bad: false positives.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

In addition to updating and using what you currently have you may want to consider the following:

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall:
Sunbelt Personal Firewall
Outpost Firewall
For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use IESpy-Ad - IESpy-Ad will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Here is a great link to a post here on securing your PC after an attack.

http://forums.tomcoy...mp;#entry257163

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
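The Kaspersky verdict discussed in the post above has a fixed layout, and the "not-a-virus:" prefix is what marks it as riskware rather than malware. This helper, added here as an example and not code from the thread or from Kaspersky, parses scanner report lines of the form quoted above, splits the verdict into its parts and sorts each line into locked / riskware / malware so the riskware hits can be reviewed by hand instead of being treated like infections. The report lines are a constructed sample; the third line carries a made-up placeholder verdict.

```python
import re
from collections import Counter
from typing import Dict, Optional

# Constructed sample in the line format of the Kaspersky online scanner report
# quoted in this thread: "<path> Object is locked skipped" or
# "<path> Infected: <verdict> skipped". The last line is a placeholder, not a
# real detection from the thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Example\constructed\sample.exe Infected: Trojan.Win32.Example.a skipped
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<verdict>\S+)) "
    r"(?P<action>\S+)$"
)
# Kaspersky verdict layout: [not-a-virus:]Behaviour.Platform.Family[.Variant]
VERDICT_RE = re.compile(
    r"^(?P<pua>not-a-virus:)?(?P<behaviour>[^.]+)\.(?P<platform>[^.]+)\."
    r"(?P<family>[^.]+)(?:\.(?P<variant>[^.]+))?$"
)


def parse_verdict(verdict: str) -> Optional[Dict[str, object]]:
    """Split a verdict string into its named parts; None if the layout is unfamiliar."""
    m = VERDICT_RE.match(verdict)
    if not m:
        return None
    return {
        "pua": m.group("pua") is not None,   # riskware/adware, not malware
        "behaviour": m.group("behaviour"),
        "platform": m.group("platform"),
        "family": m.group("family"),
        "variant": m.group("variant"),
    }


def classify_line(line: str) -> Optional[Dict[str, object]]:
    """Classify one report line; None for lines that are not scan results."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        # In-use system files (registry hives, event logs) cannot be opened by
        # the scanner; this is not a detection.
        return {"path": m.group("path"), "category": "locked", "verdict": None,
                "advice": "file was in use; not a detection"}
    v = parse_verdict(m.group("verdict"))
    if v is None:
        cat, advice = "unknown", "unrecognised verdict string; look it up before acting"
    elif v["pua"]:
        cat, advice = "riskware", "legitimate-looking tool; keep it if you installed it on purpose"
    else:
        cat, advice = "malware", "quarantine and work out how it got there"
    return {"path": m.group("path"), "category": cat, "verdict": v, "advice": advice}


def summarize(report: str) -> Dict[str, int]:
    """Count report lines per category so locked files do not drown out real hits."""
    counts: Counter = Counter()
    for line in report.splitlines():
        result = classify_line(line)
        if result:
            counts[str(result["category"])] += 1
    return dict(counts)
```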


#13 batfink

batfink

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 02 October 2007 - 06:57 PM

Hi Dave, thank you very much for the time you have spent helping me. I have now put AVG Anti-Virus, ZoneAlarm firewall and Spybot on my comp, and I also use Spy Sweeper. The problem with closing an application is to do with Spybot, and Windows reports that I may have no anti-virus running :o . At the time I was using NOD32; do you think my problem was there before installing NOD32? Because I can't understand why it didn't pick it up :( . I used to use Norton Internet Security, but I thought I would like to try something else and I heard/read that NOD32 was rated the best anti-virus :huh: . Once again I would like to thank you for your time and effort and I will be donating to here ASAP. Thank you very much and I shall advise anyone who asks about problems to come to the forums :thumbup: .

#14 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 02 October 2007 - 07:43 PM

and windows reports that i may have no anti-virus running

Just make sure Nod32 is running and updated. It should be running in the background. Windows doesn't report properly on some of the AVs.

I don't really have any way of knowing how or when you were infected. But keep Nod32 updated and running, along with the other programs I advised, and you will hopefully not be infected in the future.

Regards,
Dave


#15 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 06 October 2007 - 03:57 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.