PDA

View Full Version : Help: Cmdservice, etc



LgL16
2007-04-13, 02:05
Hi. I've been having problems with my computer for a few days now (cant stay online, running slow, etc). I'm pretty sure one of the problems is cmdservice, which I have found on the computer, as well as other files I havent identified yet. Would someone please look through my Hijackthis logfile and tell me what problems they see in it and how to fix any of those problems. Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 6:52:14 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\{603DA814-0510-1033-0309-010330050001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\??stem\nslookup.exe
C:\PROGRA~1\COMMON~1\CROSOF~1\mmc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\system32\WgaTray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

-Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1142129025\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio

Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

-startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

--force_start_minimized
O4 - HKCU\..\Run: [Hwz] C:\WINNT\system32\??pPatch\wowexec.exe
O4 - HKCU\..\Run: [Hko] C:\WINNT\??stem\nslookup.exe
O4 - HKCU\..\Run: [Snir] "C:\PROGRA~1\COMMON~1\CROSOF~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online

9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic

Shared\CineTray.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback

Panel\wfpuser.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\zesbwbqpcam.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -

http://yulib002.mc.yu.edu:2533/lib/yeshiva/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) -

http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLaunch

er.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -

http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -

http://aolpoweredby.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) -

http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -

Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home

8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program

Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

C:\WINNT\wanmpsvc.exe

teacup61
2007-04-14, 17:06
Hello LgL16,

Welcome to Safer Networking Forums :)

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN, Cowabanga, SnowballWars or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

LgL16
2007-04-14, 20:20
First let me say thank you for helping me.Ok I did what you said. I found outerinfo on my computer. I unstalled it and reboot it. Howerver I did not find C:\Program Files\PurityScan Once I rebooted. So I did what you suggested second which was to use outerinfo uninstaller from their website. Unfortunetly it wont let me download it, it says MY SECRUITY SETTINGs do not allow me to download it. I dont think this is the case however because I purposely put my settings low to download it and it still gave me the same message (I put it back to normal settings) I'm not sure if the problem is on my end or the company is trying to block me. Either way I did a combofix afterwards for you to see here it is:

"Jacqueline" - 07-04-14 13:03:41 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Jacqueline\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\inetget2\Installeur.exe
C:\Program Files\Common Files\{303DA~1\Bar888.dll
C:\Program Files\Common Files\{303DA~1\UnInstall.exe
C:\Program Files\Common Files\{603DA~1\Update.exe
C:\WINNT\system32\svchosts.exe
C:\WINNT\system32\unsvchosts.exe
C:\WINNT\system32\zesbwbqpcam.dll
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\Common Files\{303DA~1
C:\Program Files\Common Files\{603DA~1
C:\cp1041.nls
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINNT\STEM~1
C:\qoobox\purity\WINNT\system32\PPATCH~1

Infected copy of C:\WINNT\system32\drivers\ndis.sys was found & disinfected
Restored copy from - "C:\WINNT\system32\dllcache\ndis.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Client IP-IPX
-------\cmdService
-------\ntldr
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NTLDR


((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))


2007-04-10 15:55 <DIR> d-------- C:\Program Files\PlayLinc
2007-04-08 11:57 <DIR> d-------- C:\WINNT\oquf
2007-04-08 11:57 <DIR> d-------- C:\Program Files\Common Files\oquf
2007-04-08 11:22 <DIR> d--hs---- C:\WINNT\SmFjcXVlbGluZQ
2007-03-27 20:05 81,920 --a------ C:\WINNT\system\BIVBX11.DLL
2007-03-21 19:35 <DIR> d--h----- C:\DOCUME~1\JACQUE~1\APPLIC~1\Move Networks
2007-03-18 16:44 <DIR> d-------- C:\Program Files\Zylom Games
2007-03-16 19:15 <DIR> d-------- C:\Program Files\iTunes
2007-03-15 12:23 497,496 --a------ C:\WINNT\system32\XceedZip.dll
2007-03-15 12:19 526,184 --a------ C:\WINNT\system32\XceedCry.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-10 15:47 -------- d-------- C:\Program Files\verizon
2007-03-31 09:34 -------- d-------- C:\Program Files\java
2007-03-16 19:14 -------- d-------- C:\Program Files\quicktime
2007-03-15 19:54 -------- d-------- C:\Program Files\divx
2007-03-14 17:52 -------- d--h----- C:\Program Files\installshield installation information
2007-03-14 16:00 2404 --a------ C:\WINNT\system32\d3d9caps.dat
2007-03-11 15:28 49424 --a------ C:\DOCUME~1\JACQUE~1\APPLIC~1\gdipfontcachev1.dat
2007-02-23 00:29 524288 --a------ C:\WINNT\system32\divxsm.exe
2007-02-23 00:29 36624 --------- C:\WINNT\system32\drivers\pxhelp20.sys
2007-02-23 00:29 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2007-02-23 00:29 200704 --a------ C:\WINNT\system32\ssldivx.dll
2007-02-23 00:29 129784 --------- C:\WINNT\system32\pxafs.dll
2007-02-23 00:29 118520 --------- C:\WINNT\system32\pxinsi64.exe
2007-02-23 00:29 116472 --------- C:\WINNT\system32\pxcpyi64.exe
2007-02-23 00:29 1044480 --a------ C:\WINNT\system32\libdivx.dll
2007-02-23 00:25 823296 --a------ C:\WINNT\system32\divx_xx0c.dll
2007-02-23 00:25 823296 --a------ C:\WINNT\system32\divx_xx07.dll
2007-02-23 00:25 802816 --a------ C:\WINNT\system32\divx_xx11.dll
2007-02-23 00:25 73728 --a------ C:\WINNT\system32\dpl100.dll
2007-02-23 00:25 639066 --a------ C:\WINNT\system32\divx.dll
2007-02-23 00:25 593920 --a------ C:\WINNT\system32\dpugui11.dll
2007-02-23 00:25 57344 --a------ C:\WINNT\system32\dpv11.dll
2007-02-23 00:25 53248 --a------ C:\WINNT\system32\dpugui10.dll
2007-02-23 00:25 344064 --a------ C:\WINNT\system32\dpus11.dll
2007-02-23 00:25 294912 --a------ C:\WINNT\system32\dpu11.dll
2007-02-23 00:25 294912 --a------ C:\WINNT\system32\dpu10.dll
2007-02-23 00:25 196608 --a------ C:\WINNT\system32\dtu100.dll
2007-02-17 00:29 -------- d-------- C:\Program Files\viewpoint
2007-02-15 21:40 124472 --a------ C:\WINNT\system32\divxcodecupdatechecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1142129025\\ee\\AOLSoftware.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
@=""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
"DLA"="C:\\WINNT\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Verizon_McciTrayApp"="C:\\Program Files\\Verizon\\McciTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1127433246.job
C:\WINNT\tasks\WindowsReliabilityMetrics.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 13:11:07
C:\ComboFix-quarantined-files.txt ... 07-04-14 13:11

and here is the hijackthis lofile:

Logfile of HijackThis v1.99.1
Scan saved at 1:18:33 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINNT\system32\WgaTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://yulib002.mc.yu.edu:2533/lib/yeshiva/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://aolpoweredby.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

teacup61
2007-04-14, 21:31
Hello,

Delete these, if present:

C:\WINNT\oquf
C:\Program Files\Common Files\oquf
C:\WINNT\SmFjcXVlbGluZQ

Reboot your computer.

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Providence
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
Post the contents of the ActiveScan report, please, and let me know how it's running now. :)

Thanks,
tea

LgL16
2007-04-16, 22:18
Hi I did what you suggested. I found the oquf folders and got rid of them. I didnt find the third one on my computer. I ran the Panda scan three times but after it being about a quarter done it always closes out my IE. It always shows about 20 or so spyware before it does though. Is there another active scan I can try because this one seems not to work for me.

As far as my computer. It is running much better. I no longer have connection issues (which was a huge problem with finals coming) and it does run smoother. However I still think I have spyware at least on it (as I mentioned the Panda scan shows some before it closes and I have done spybot scans that find cmdservice). So any other help you can render would be much appreciated. Thank you.

teacup61
2007-04-17, 00:36
Hello,

Glad to know everything is better. :)

Is Spybot still finding cmdservice?

Try this scanner :

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)

Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).


In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea

LgL16
2007-04-18, 01:30
Ok I used the AVG anti- spyware thing as you said. It found over 100 things, mostly minor cookies. However it did find purity as well as other stuff but its recommanded action was to ignore them. Like I said before my computer is still running fine now thanks to you but clearly theres a bunch of spyware and other stuff on it. I would appreciate help in getting rid of them. Thank you. heres the report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:23:11 PM 4/17/2007

+ Scan result:



C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\I825BDCC\mm[1].js -> Adware.Chitika : Ignored.
C:\QooBox\Quarantine\Program Files\Common Files\{303DA~1\Bar888.dll.vir -> Adware.Lucky : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060403.dll -> Adware.Lucky : Ignored.
C:\Documents and Settings\Jacqueline\Desktop\backups\backup-20070412-132455-998.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP484\A0058475.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP484\A0058508.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP485\A0059092.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060387.exe -> Adware.PurityScan : Ignored.
C:\QooBox\Quarantine\Program Files\Common Files\{603DA~1\Update.exe.vir -> Adware.Softomate : Ignored.
C:\RECYCLER\S-1-5-18\Dc39\Update.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060405.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057419.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057420.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057421.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060360.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060361.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060362.dll -> Adware.WebHancer : Ignored.
C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\CP2385QF\bblp[1].htm -> Downloader.Agent.ab : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\LJBTR5JO\jl[1].htm -> Downloader.Agent.ab : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\U9SJ2HY1\tucci[1].htm -> Downloader.Agent.ab : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\WINNT\system32\svchosts.exe.vir -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060406.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060390.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP485\A0060271.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\PZ9ATLDE\index[2].htm -> Not-A-Virus.Exploit.HTML.IESlice.i : Ignored.
C:\QooBox\Quarantine\WINNT\system32\drivers\ndis.sys.vir -> Not-A-Virus.SpamTool.Win32.Agent.u : Ignored.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060409.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Ignored.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.166:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.46:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.160:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
:mozilla.51:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.29:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.72:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.73:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.178:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.191:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.30:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.111:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.115:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.116:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.117:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.118:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.119:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.120:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.55:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.129:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.131:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.132:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.45:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@a.total-media[1].txt -> TrackingCookie.Total-media : Cleaned.
:mozilla.143:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.157:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.158:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\kwgsb6wa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\QooBox\Quarantine\WINNT\system32\zesbwbqpcam.dll.vir -> Trojan.Agent.afg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060408.dll -> Trojan.Agent.afg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP484\A0058476.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060388.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SmFjcXVlbGluZQ\mAI3wrp5v35Rtk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\WINNT\system32\unsvchosts.exe.vir -> Trojan.Small.mf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060407.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).


::Report end

LgL16
2007-04-18, 01:31
heres the hijackthis logfile (too many characters for previous post):

Logfile of HijackThis v1.99.1
Scan saved at 6:26:50 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINNT\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://yulib002.mc.yu.edu:2533/lib/yeshiva/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://aolpoweredby.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

teacup61
2007-04-18, 06:08
Hello,

It isn't as bad as you think. :) A lot of that is in system restore and out of action, and some are quarantined and out of action.

* Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Change the settings on AVG to "delete", then run it again. Post the report, please, in your reply.

Thanks,
tea

LgL16
2007-04-18, 23:59
ok my computer is running great now. Thank you so much. Is there anything else I can do? or is this basically it? Heres the final avg report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:54:10 PM 4/18/2007

+ Scan result:



C:\QooBox\Quarantine\Program Files\Common Files\{303DA~1\Bar888.dll.vir -> Adware.Lucky : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060403.dll -> Adware.Lucky : Cleaned.
C:\Documents and Settings\Jacqueline\Desktop\backups\backup-20070412-132455-998.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP484\A0058475.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP484\A0058508.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP485\A0059092.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060387.exe -> Adware.PurityScan : Cleaned.
C:\QooBox\Quarantine\Program Files\Common Files\{603DA~1\Update.exe.vir -> Adware.Softomate : Cleaned.
C:\RECYCLER\S-1-5-18\Dc39\Update.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060405.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057419.exe -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057420.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP483\A0057421.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060360.exe -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060361.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060362.dll -> Adware.WebHancer : Cleaned.
C:\QooBox\Quarantine\WINNT\system32\drivers\ndis.sys.vir -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP486\A0060409.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned.
C:\System Volume Information\_restore{44368D6B-5965-4ACF-B9F9-40D657757AAD}\RP489\A0061699.vbs -> Trojan.Small : Cleaned.


::Report end

and here is the hijackthis file in case u need it too:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:24 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\WgaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://yulib002.mc.yu.edu:2533/lib/yeshiva/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://aolpoweredby.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

teacup61
2007-04-19, 01:04
Hello,

You can delete ComboFix and the Qoobox folder.

Install an AntiVirus!!!

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now run AVG again to be sure that's all gone, and let me know what your new AntiVirus found, if anything. :bigthumb:

Thanks,
tea

LgL16
2007-04-19, 02:43
Ok I did it again. It didnt really find anything just some cookies. Thank you very much. Here's the report if your interested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:39:19 PM 4/18/2007

+ Scan result:



C:\Documents and Settings\Jacqueline\Cookies\jacqueline@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacqueline\Cookies\jacqueline@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

teacup61
2007-04-19, 05:54
Of course I'm interested. Thanks, that looks much better.:bigthumb: And the HijackThis log please? :)

LgL16
2007-04-19, 20:00
Sorry forgot my Hijack this log. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:03 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\system32\WgaTray.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142129025\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://yulib002.mc.yu.edu:2533/lib/yeshiva/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-escape-ancient-japan/SpinTopGamesLauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://aolpoweredby.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

teacup61
2007-04-19, 21:20
There is still no AntiVirus installed. :sad: I gave you some good free ones to choose from. If you don't install one of them it's only a matter of time before you get infected again. :sad:

tashi
2007-04-23, 19:46
Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

As teacup said, please install an Anti Virus program.