PDA

View Full Version : Help Greatly Appreciated



DTheobald
2006-05-16, 14:02
My computer was taken over I assume awhile ago, many things have changed on my computer in the past month; ie: moniter flickers, mouse moves, taskbar alters between win xp(blue green) to windows classic every other day ... I recently had one of my friends wipe my 80GB HD and put my docs and programs on the 60GB... then moved the docs from the 60 to the 80, wipe it, and reformat, so that I had two clean hard drives... Put when i go to access my pictures or anything it states that I don't have access or the privledges to the files which sucks big time cause I have pictures of my son on there. I can't copy the files to a cd or move them at all and its getting frustrating... My friend suggested unplugging my cable modem for 24 hours so that i would receive a new IP address... But that didn't work cause after I did that; the whole task bar starting changing on me... I guess im begging for answers...

I have AVG Anit-Virus and Ad-Aware 6.0, but they don't seem to catch anything... I also have Armor2Net Personal Firewall... but I still have the problems... any way to save the files if i don't have access to them? I ran the three programs that tashi said to download, followed the steps exactly but don't know what to do now. Please help... I don't know what else to do....

Thanks for your time
Danielle

Here ar my reports:

SmitFraudFix v2.43

Scan done at 4:01:00.51, Tue 05/16/2006
Run from E:\Documents and Settings\Danielle\Desktop\Helpers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Danielle\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\Danielle\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:50:18 AM, 5/13/2006
+ Report-Checksum: AFC8F4CA

+ Scan result:

C:\Documents and Settings\Danielle\Cookies\danielle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Documents and Settings\Lil DT\Local Settings\Temp\temp.fr3958 -> Downloader.Zlob.nq : Cleaned with backup
D:\WINDOWS\system32\1024\ld5C72.tmp -> Not-A-Virus.Hoax.Win32.Renos.cv : Cleaned with backup
D:\WINDOWS\system32\1024\ld816C.tmp -> Not-A-Virus.Hoax.Win32.Renos.cv : Cleaned with backup
D:\WINDOWS\system32\dcomcfg.exe -> Downloader.Zlob.nw : Cleaned with backup
D:\WINDOWS\system32\hpBC3D.tmp -> Downloader.Zlob.nn : Cleaned with backup
D:\WINDOWS\system32\ldB777.tmp -> Downloader.Zlob.mr : Cleaned with backup
D:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.mr : Cleaned with backup
:mozilla.6:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.7:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.20:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.21:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.22:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.23:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.24:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.25:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.26:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.32:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.33:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.44:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.51:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.54:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.68:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.69:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.70:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.81:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.83:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.89:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.97:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.116:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.117:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.128:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.130:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.133:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.134:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.135:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.136:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.137:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.139:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.140:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.141:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.142:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.143:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.144:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.145:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.146:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.147:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.148:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.163:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.164:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.165:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.166:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.167:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.168:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.169:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.170:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.171:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.172:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.173:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.185:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.186:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.197:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.198:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.199:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.200:E:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\emrixmye.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
E:\Program Files\RealVNC\VNC4\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned with backup


::Report End

DTheobald
2006-05-16, 14:03
Third Report


Logfile of HijackThis v1.99.1
Scan saved at 2:09:10 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
E:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
E:\Program Files\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\AOL\1147247667\ee\AOLSoftware.exe
D:\ClocX\ClocX.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE
C:\Program Files\Creative\SBLive\AudioHQ\ahqrun.exe
D:\ClocX\ClocX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147247667\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ClocX] D:\ClocX\ClocX.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AutoEA] C:\Program Files\Creative\SBLive\AudioHQ\ahqrun.exe "C:\Program Files\Creative\SBLive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ClocX] D:\ClocX\ClocX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146983709333
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

tashi
2006-05-20, 01:40
Hello and sorry for the wait. :(

If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836) You can post there now.

LonnyRJones
2006-05-23, 11:22
Hi

Be sure to post current logs next time, that hijackthis log was from the 13th and posted 16th.

Run smithfraudfix option two then Ewido while the pc is in safe mode as described here.
http://forums.spybot.info/showthread.php?t=4015

tashi
2006-05-30, 21:55
This topic is closed.
If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.