Thread: 7rft.com ads1.revenue.net online scanner blocking

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    7rft.com ads1.revenue.net online scanner blocking

    Hi, this is actually my first time posting, since I have usually been able to solve problems like this on my own, but I guess we all need help from time to time. Anyway, here goes:

    I have a 7r7t.com and an ads1.revenue.net infection. I also have an infection that will NOT allow me to run any online scanner; most say that they are unable to load. Trend Micro starts to, but then the browser is closed, and I am assuming it's another program that doesn't want me to use any online scanner. I tried all of them in the list on this system.

    I couldn't even get Panda to run.

    So I guess we need to get my system to where I can at least run one of these scanners. Here is my HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 8:18:11 AM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\WINDOWS\system32\tcpip.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    E:\Program Files\acm\acm.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PrevxOne] "E:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PSCastor] "E:\Program Files\PSCastor\PSCastor.exe"
    O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162597428843
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

  2. #2
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759


    Hello plowboy,

    Welcome to Safer Networking Forums

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Thanks,
    tea

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    combofix log, HJT log in next reply

    NOTE TO HELPER:

    (Because the requested information would not fit in one reply, please check the next reply; the combined information was way more than 20000 chars. Thank you.)

    OK, here we go. Here is my ComboFix log:

    jbradley-admin - 06-11-08 10:23:25.25 Service Pack 2
    ComboFix 06.10.19 - Running from: "E:\Documents and Settings\jbradley-admin\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    E:\QooBox\Purity\Documents and Settings\jbradley-admin\My Documents\ICROSO~1
    E:\QooBox\Purity\Documents and Settings\jbradley-admin\My Documents\ICROSO~1\?icrosoft
    ((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))
    2006-11-07 00:05 76,560 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys
    2006-11-06 08:20 11,648 --a------ E:\WINDOWS\system32\drivers\pxscrmbl.sys
    2006-11-05 21:46 17,920 --a------ E:\WINDOWS\system32\tcpip.exe
    2006-11-05 21:43 8,464 --a------ E:\WINDOWS\system32\sporder.dll
    2006-11-05 21:43 2 --a------ E:\WINDOWS\system32\wapicc.exe
    2006-11-05 21:42 397,312 --a------ E:\WINDOWS\cfg32p.dll
    2006-11-05 21:42 1,259 --a------ E:\WINDOWS\system32\djibc9a7.sys
    2006-11-05 21:41 142 --a------ E:\WINDOWS\aiuap.dll
    2006-11-04 19:41 129,784 --------- E:\WINDOWS\system32\pxafs.dll
    2006-11-03 20:51 121,856 --------- E:\WINDOWS\system32\xmllite.dll
    2006-11-03 20:06 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
    2006-11-03 18:45 18,200 --a------ E:\WINDOWS\system32\wups2.dll
    2006-11-03 15:55 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-11-03 15:55 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-11-03 15:55 157,352 --------- E:\WINDOWS\system32\pxwma.dll
    2006-11-03 15:49 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe
    2006-10-27 15:09 6,049,280 --------- E:\WINDOWS\system32\ieframe.dll
    2006-10-27 15:09 50,688 --------- E:\WINDOWS\system32\msfeedsbs.dll
    2006-10-27 15:09 458,752 --------- E:\WINDOWS\system32\msfeeds.dll
    2006-10-27 15:09 180,736 --------- E:\WINDOWS\system32\ieui.dll
    2006-10-27 02:44 13,312 --a------ E:\WINDOWS\system32\ieudinit.exe
    2006-10-24 19:45 15,360 --a------ E:\WINDOWS\system32\BASSMOD.dll
    2006-10-18 16:46 30 --a------ E:\logoff.bat
    2006-10-17 13:05 206,336 --------- E:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:58 61,952 --------- E:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12,288 --------- E:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 266,752 --------- E:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:27 380,928 --------- E:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 20:18 87,424 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
    2006-10-13 20:18 85,952 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
    2006-10-13 20:18 36,176 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
    2006-10-13 20:18 24,560 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
    2006-10-13 20:18 16,352 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
    2006-10-13 20:17 90,112 --a------ E:\WINDOWS\system32\AVASTSS.scr
    2006-10-13 20:17 666,240 --a------ E:\WINDOWS\system32\aswBoot.exe
    2006-10-13 20:17 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll
    2006-10-13 13:20 29,968 --a------ E:\WINDOWS\system32\mdimon.dll
    2006-10-12 18:17 54,272 --a------ E:\WINDOWS\system32\DrvTrNTm.dll
    2006-10-12 18:17 106,496 --a------ E:\WINDOWS\system32\DrvTrNTl.dll
    2006-10-12 18:03 344,064 --a------ E:\WINDOWS\system32\msvcr70.dll
    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
    2006-11-08 08:17 -------- d-------- E:\Program Files\Mozilla Firefox
    2006-11-08 02:04 -------- d-------- E:\Program Files\Citrus Alarm Clock
    2006-11-07 00:05 -------- d-------- E:\Program Files\Internet Explorer
    2006-11-06 20:54 -------- d-------- E:\Program Files\Lavasoft
    2006-11-06 20:54 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Lavasoft
    2006-11-06 19:52 -------- d--h----- E:\Program Files\BHO Plugin
    2006-11-06 17:46 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\çasks
    2006-11-06 08:26 -------- d-------- E:\Program Files\Common Files
    2006-11-06 02:16 -------- d-------- E:\Program Files\Windows Media Player
    2006-11-06 00:07 -------- d-------- E:\Program Files\MSN Gaming Zone
    2006-11-05 21:45 517 --a------ E:\Program Files\Common Files\mevo
    2006-11-05 20:00 -------- d--h----- E:\Program Files\InstallShield Installation Information
    2006-11-05 20:00 -------- d-------- E:\Program Files\Prescient Systems
    2006-11-04 20:35 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Winamp
    2006-11-04 20:33 -------- d-------- E:\Program Files\Common Files\NSV
    2006-11-04 19:42 -------- d-------- E:\Program Files\Winamp
    2006-11-04 12:50 -------- d-------- E:\Program Files\Pix2Fone
    2006-11-04 12:49 -------- d-------- E:\Program Files\Microsoft Office
    2006-11-04 12:49 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
    2006-11-04 12:31 -------- d-------- E:\Program Files\freeFTPd
    2006-11-04 12:31 -------- d-------- E:\Program Files\EzPhone Recorder Pro 1.0
    2006-11-04 11:37 -------- d-------- E:\Program Files\Real
    2006-11-04 00:58 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Roxio
    2006-11-04 00:53 -------- d-------- E:\Program Files\Napster
    2006-11-03 22:06 -------- d-------- E:\Program Files\Common Files\Napster Shared
    2006-11-03 22:05 -------- d-------- E:\Program Files\Common Files\InstallShield
    2006-11-03 21:19 -------- d-------- E:\Program Files\Messenger
    2006-11-03 20:07 -------- d-------- E:\Program Files\Outlook Express
    2006-11-03 20:07 -------- d-------- E:\Program Files\Common Files\System
    2006-11-03 15:56 -------- d-------- E:\Program Files\Yahoo!
    2006-11-03 15:55 -------- d-------- E:\Program Files\Common Files\SureThing Shared
    2006-11-03 15:54 -------- d-------- E:\Program Files\illiminable
    2006-11-01 16:30 -------- d---s---- E:\Documents and Settings\jbradley-admin\Application Data\Microsoft
    2006-10-27 15:09 413696 --a------ E:\WINDOWS\system32\vbscript.dll
    2006-10-27 15:09 231424 --a------ E:\WINDOWS\system32\webcheck.dll
    2006-10-27 15:09 156160 --a------ E:\WINDOWS\system32\msls31.dll
    2006-10-27 02:44 71680 --a------ E:\WINDOWS\system32\admparse.dll
    2006-10-27 02:44 55296 --a------ E:\WINDOWS\system32\iesetup.dll
    2006-10-27 02:44 54784 --a------ E:\WINDOWS\system32\ie4uinit.exe
    2006-10-27 02:44 43008 --a------ E:\WINDOWS\system32\iernonce.dll
    2006-10-27 02:44 382976 --a------ E:\WINDOWS\system32\iedkcs32.dll
    2006-10-27 02:44 229376 --a------ E:\WINDOWS\system32\ieaksie.dll
    2006-10-27 02:44 152064 --a------ E:\WINDOWS\system32\ieakeng.dll
    2006-10-27 02:44 123904 --a------ E:\WINDOWS\system32\advpack.dll
    2006-10-27 02:42 161792 --a------ E:\WINDOWS\system32\ieakui.dll
    2006-10-24 21:14 -------- d-------- E:\Program Files\EzPhone Recorder 1.1
    2006-10-23 22:32 -------- d-------- E:\Program Files\Foxit Software
    2006-10-23 17:56 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Macromedia
    2006-10-21 20:17 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Real
    2006-10-21 20:13 -------- d-------- E:\Program Files\Common Files\xing shared
    2006-10-21 20:13 -------- d-------- E:\Program Files\Common Files\Real
    2006-10-21 15:52 -------- d-------- E:\Program Files\Universal Extractor
    2006-10-19 17:25 -------- d-------- E:\Program Files\A Simple Roman Numeral Converter
    2006-10-18 21:58 -------- d-------- E:\Program Files\acm
    2006-10-18 00:33 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Apple Computer
    2006-10-17 13:06 78336 --a------ E:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 --a------ E:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 105984 --a------ E:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 --a------ E:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 --a------ E:\WINDOWS\system32\corpol.dll
    2006-10-17 12:57 36352 --a------ E:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:56 45568 --a------ E:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 --a------ E:\WINDOWS\system32\mshtmler.dll
    2006-10-16 20:18 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Sun
    2006-10-14 15:04 -------- d-------- E:\Program Files\Image ReSizer 1.0
    2006-10-13 20:17 -------- d-------- E:\Program Files\Alwil Software
    2006-10-13 20:08 -------- d-------- E:\Program Files\LimeWire
    2006-10-13 13:16 -------- d-------- E:\Program Files\Microsoft Visual Studio
    2006-10-13 13:16 -------- d-------- E:\Program Files\Common Files\DESIGNER
    2006-10-13 13:15 -------- d-------- E:\Program Files\Microsoft.NET
    2006-10-13 13:15 -------- d-------- E:\Program Files\Microsoft Works
    2006-10-13 09:45 -------- d-------- E:\Program Files\Camstreams Encoder
    2006-10-13 09:44 -------- d-------- E:\Program Files\Windows Media Components
    2006-10-12 20:20 -------- d-------- E:\Program Files\Abyss Web Server
    2006-10-12 18:17 -------- d-------- E:\Program Files\HighCriteria
    2006-10-12 18:04 -------- d-------- E:\Program Files\Audio Recorder for FREE
    2006-10-08 16:12 -------- d-------- E:\Program Files\PowerArchiver
    2006-10-07 19:36 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\vlc
    2006-10-07 19:32 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\LimeWire
    2006-10-07 13:28 -------- d-------- E:\Program Files\Java
    2006-10-07 13:27 -------- d-------- E:\Program Files\Common Files\Java
    2006-10-03 12:21 36528 --------- E:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-10-03 12:21 115880 --------- E:\WINDOWS\system32\pxinsi64.exe
    2006-10-03 12:21 114856 --------- E:\WINDOWS\system32\pxcpyi64.exe
    2006-09-28 19:00 -------- d-------- E:\Program Files\Grisoft
    2006-09-28 15:24 -------- d-------- E:\Program Files\ProfInfoTech
    2006-09-27 16:02 -------- d-------- E:\Program Files\Google
    2006-09-24 08:10 774144 --a------ E:\Program Files\RngInterstitial.dll
    2006-09-15 08:58 -------- d-------- E:\Program Files\Future Systems Solutions
    2006-09-15 08:55 -------- d-------- E:\Program Files\Total Uninstall 3
    2006-09-15 08:33 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Help
    2006-09-15 08:04 -------- d-------- E:\Program Files\PowerQuest
    2006-09-14 06:59 -------- dr-h----- E:\Program Files\rnamfler
    2006-09-13 17:15 3888 --a------ E:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2006-09-13 00:01 1084416 --a------ E:\WINDOWS\system32\msxml3.dll
    2006-09-11 17:42 -------- d-------- E:\Program Files\Veo Stingray
    2006-09-10 02:52 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\acccore
    2006-09-10 02:51 -------- d-------- E:\Program Files\Common Files\Nullsoft
    2006-09-09 09:22 -------- d-------- E:\Program Files\Musicmatch
    2006-09-09 09:21 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Musicmatch
    2006-09-09 08:46 503808 --a------ E:\WINDOWS\system32\msvcp71.dll
    2006-09-09 08:46 348160 --a------ E:\WINDOWS\system32\msvcr71.dll
    2006-09-09 08:45 89088 --a------ E:\WINDOWS\system32\atl71.dll
    2006-09-09 08:45 1047552 --a------ E:\WINDOWS\system32\mfc71u.dll
    2006-09-09 06:43 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Mozilla
    2006-09-08 00:41 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Identities
    2006-09-06 20:06 62 --ahs---- E:\Documents and Settings\jbradley-admin\Application Data\desktop.ini
    2006-09-06 19:40 1502 --ahs---- E:\WINDOWS\rreg64.dll
    2006-09-06 19:40 1462 --ahs---- E:\WINDOWS\utapi64.dll
    2006-08-25 10:45 617472 --a------ E:\WINDOWS\system32\comctl32.dll
    2006-08-21 07:21 16896 --a------ E:\WINDOWS\system32\fltlib.dll
    2006-08-21 04:14 23040 --a------ E:\WINDOWS\system32\fltmc.exe
    2006-08-16 06:58 100352 --a------ E:\WINDOWS\system32\6to4svc.dll
    2006-08-11 19:52 33040 --a------ E:\WINDOWS\system32\FM20ENU.DLL
    2006-08-11 19:52 1190664 --a------ E:\WINDOWS\system32\FM20.DLL
    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
    "Urxq"="E:\\Documents and Settings\\jbradley-admin\\Application Data\\?asks\\winspool.exe"
    "Citrus Alarm Clock"="E:\\Program Files\\Citrus Alarm Clock\\citrusac.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ISUSPM Startup"="\"E:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"E:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "MimBoot"="E:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
    "MMTray"="\"E:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
    "TotalRecorderScheduler"="\"E:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
    "avast!"="E:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SS"="E:\\Program Files\\acm\\acm.exe"
    "TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "WinampAgent"="E:\\Program Files\\Winamp\\winampa.exe"
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="E:\\Program Files\\Windows Media Player\\podobixi.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="E:\\Program Files\\MSN Gaming Zone\\mebe.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=dword:00000000
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=dword:00000000
    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    Completion time: 06-11-08 10:26:45.00
    E:\ComboFix.txt ... 06-11-08 10:26

    My HJT log is in the next reply since they both wouldn't fit in one message.

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    My HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:30:01 AM, on 11/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\WINDOWS\system32\tcpip.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\acm\acm.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    E:\Program Files\acm\acm.exe
    E:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
    O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162597428843
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    Sorry about the multiple replies but it was the only way I could think of to get both logs posted since they wouldn't fit in one post.

  5. #5
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759


    Hello,

    Navigate to E:\Program Files\Windows Media Player

    Delete the following file in bold: podobixi.html

    Navigate to E:\Program Files\MSN Gaming Zone

    Delete the following file in bold: mebe.html

    Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

    Also remove the checkmark from the Lock Desktop Items box if it is checked.
    Apply.
    Apply and exit Display Properties.

    Please download, install, and update AVG Anti-Spyware (formerly Ewido)
    1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
    2. After the update finishes (the status bar at the bottom will display "Update successful")
    3. Close ewido. Do not run it yet.


    Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

    Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

    O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
    O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe


    Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

    Delete the following folders, if present:

    E:\Program Files\BHO Plugin
    E:\Documents and Settings\jbradley-admin\Application Data\?asks

    • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
    • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
    • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    • Restart back into Normal Mode.


    In your reply, please post the report from AVG and a new HijackThis log. Let me know how your computer is running.

    Thanks,
    tea

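    The two entries tea singled out above share traits a helper looks for when reading these lists: an O4 autorun launched from a user-writable profile folder whose path contains an unprintable character (HijackThis shows it as "?"), and O23 service entries whose binary is marked "(file missing)". The script below is an added illustration, not code from this thread or from HijackThis, that encodes those cues as review heuristics over HijackThis lines. The sample log is constructed from lines that appear in the logs posted in this thread; the names Finding, triage and the helper functions are my own. It only flags lines for a human to check, it does not remove anything.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TCP and UDP Support - Unknown owner - E:\WINDOWS\system32\tcpip.exe (file missing)
""".strip()


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4" or "O23"
    reason: str   # why a human should look at this line
    line: str     # the original log line


# Folders a non-admin user can write to; an autorun or service binary living
# here deserves a second look (legitimate software normally installs elsewhere).
USER_WRITABLE = (
    "\\Documents and Settings\\",
    "\\Application Data\\",
    "\\Local Settings\\",
    "\\Temp\\",
)

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")


def executable_path(cmd: str) -> str:
    """Return the executable part of a Run/service command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: cut at the first argument marker (" -foo" or " /foo") if any.
    m = re.search(r"\s+[-/]", cmd)
    return cmd[: m.start()] if m else cmd


def in_user_writable(path: str) -> bool:
    """True when the path sits under one of the user-writable profile folders."""
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in USER_WRITABLE)


def check_o4(line: str) -> list[Finding]:
    """Heuristics for O4 (Run key) autorun entries."""
    m = O4_RE.match(line)
    if not m:
        return []
    out: list[Finding] = []
    path = executable_path(m["cmd"])
    if in_user_writable(path):
        out.append(Finding("O4", "autorun launches from a user-writable profile folder", line))
    if "?" in path or not path.isascii():
        # HijackThis renders characters it cannot print as '?'.
        out.append(Finding("O4", "autorun path contains a non-printable or unusual character", line))
    return out


def check_o23(line: str) -> list[Finding]:
    """Heuristics for O23 (service) entries."""
    m = O23_RE.match(line)
    if not m:
        return []
    out: list[Finding] = []
    cmd = m["cmd"]
    if "(file missing)" in cmd:
        out.append(Finding("O23", "service is registered but its binary is missing", line))
    if in_user_writable(executable_path(cmd)):
        out.append(Finding("O23", "service binary lives in a user-writable profile folder", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each line of a HijackThis log and collect findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(check_o4(line))
        findings.extend(check_o23(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    Lines the heuristics do not understand (the O2 BHO entry, for instance) produce nothing, which is deliberate: whether a BHO is wanted needs a lookup of the DLL and its vendor, not a pattern match. The script is a reading aid for the sort of triage shown in this thread, and every flagged line still needs the judgement of a person before anything is fixed.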
  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default Here is the HJT log

    I have a question: my AVG log is 28 pages long so I can't fit it into a single post. Is there some other way you want me to post it or make it available to you?

    Also, my system doesn't have popups, but it is still running slower than normal (for example, when I click Start, it takes about 30 seconds for the system to get around to opening the menu, same with opening/closing programs). I can't find any processes in Task Manager hogging memory, so I have no idea what's causing that. Also, every time I log in to Windows, my Documents folder opens up. It's not bad, just annoying.

    Anyway, here's the HJT log after the scan and cleaning. Please tell me how to get the AVG log to you, thanks.

    JB


    Logfile of HijackThis v1.99.1
    Scan saved at 7:39:01 AM, on 11/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
    E:\Program Files\acm\acm.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Citrus Alarm Clock\citrusac.exe
    E:\Program Files\Skype\Phone\Skype.exe
    E:\Program Files\Windows NT\Accessories\wordpad.exe
    E:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
    O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162597428843
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: TCP and UDP Support - Unknown owner - E:\WINDOWS\system32\tcpip.exe (file missing)

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default

    Note, my AVG log is 28 pages long, please tell me how to get it to you - thanks. I also couldn't find the first few files you asked me to delete. Also, I no longer have popups, but the sys is still real slow.


    Logfile of HijackThis v1.99.1
    Scan saved at 7:39:01 AM, on 11/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
    E:\Program Files\acm\acm.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Citrus Alarm Clock\citrusac.exe
    E:\Program Files\Skype\Phone\Skype.exe
    E:\Program Files\Windows NT\Accessories\wordpad.exe
    E:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
    O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162597428843
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: TCP and UDP Support - Unknown owner - E:\WINDOWS\system32\tcpip.exe (file missing)

  8. #8
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    plowboy did you get my message?

  9. #9
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello,

    Got it, thanks.

    Multiple accounts, and cracks.....okie dokie. Now I know how you got infected!

    Please do the following for each account on the system:

    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Now run AVG again....post the report here, using as many posts as you need to. Also please post a fresh HijackThis log.

    Thanks,
    tea

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    This topic is closed due to lack of a response to helper, if you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
