Thread: Zlob.Downloader found - can't delete it

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    I ran Spybot twice today and Zlob.Downloader trojan came up. I tried fixing it but it shows up in S&D again. I followed the instructions in *"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D* and here is what I came up with:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:58:32 PM, on 12/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097963696261
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138486494250
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  2. #2
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    These are the results from the Panda online scan:


    Incident Status Location

    Adware:adware/spysheriff Not disinfected c:\windows\system32\desktop.html
    Adware:adware/craft Not disinfected c:\windows\system32\mscnf.dll
    Adware:adware/nowfind Not disinfected Windows Registry

  3. #3
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to the forum. If you still need help and are not receiving it elsewhere, please follow these instructions.

    1) You are running MSConfig in Selective Startup mode. To access MSCONFIG, click on the Windows® Start box found in the left side of the Taskbar, select Run and type MSCONFIG in the dialog box. Click OK.
    When the System Configuration window opens, check "Normal Startup", then Apply and OK your way out. You may return to Selective Startup to save your resources when this repair is complete.

    2) Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.
    Please use these instructions when you run AVG Anti-Spyware, make sure you delete or at least quarantine what is located.
    http://forums.security-central.us/showthread.php?t=3165

    Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

    Thanks

    If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
    If you have been infected by one of the SpyAxe family
    http://forums.tomcoyote.org/index.php?showtopic=58063
    http://www.malwarecomplaints.info/

  4. #4
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    Hi pskelley,
    Thank you for helping me! I'm in the process of doing the steps in the link you provided but I have a question. I'm currently running Eset NOD32 anti virus, would I still need to d/l AVG? I've heard that running 2 different AV programs may not be a good thing. Could you please advise?

    Thanks again.

  5. #5
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Thanks for checking, and you are very right, it is never a good idea to run two resident antivirus programs at the same time. The program I am having you download is AVG Anti-Spyware 7.5, from the same folks, but NOT the antivirus program.

  6. #6
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    rapport.txt outcome:

    SmitFraudFix v2.128

    Scan done at 9:02:39.07, Sun 12/10/2006
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

  7. #7
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    AVG report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:07:55 AM 12/10/2006

    + Scan result:



    C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Ignored.
    C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
    C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
    C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
    C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
    C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
    :mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

  8. #8
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22


    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:27:12 AM, on 12/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
    C:\Program Files\Medion\PowerVCR II\Agent.exe
    C:\Program Files\eFax Messenger 4.1\J2GTray.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerVCR II\Agent.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
    O4 - HKCU\..\Run: [Pronto] C:\Program Files\Pronto\Pronto.exe /silent
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 16 17
    O4 - Startup: My Desktop Post Office.lnk = ?
    O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097963696261
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138486494250
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  9. #9
    pskelley
    In Memoriam -Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Thanks for returning your information, I need to ask about the items at the beginning of the AVG Anti-Spyware 7.5 scan that you "ignored". Are you positive those items are safe? If you would like to scan them to be sure, use one or more of these free online scanners:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html

    Your Java program is out of date and a security risk, see this information:
    http://forums.spybot.info/showpost.p...80&postcount=2
    C:\Program Files\Java\jre1.5.0_06\ <<< uninstall all old versions in Add/Remove Programs and download the newest.


    1) Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    2) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    Open Windows Defender, Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.
    After all of the fixes are complete it is very important that you enable Real-time Protection again.

    3) AVG Anti-Spyware 7.5: Deactivate the Resident Shield
    - Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
    - To do this, click "Change State" to the right of the Resident Shield option in the main window.
    - You will clearly see the status change to Inactive if you have done this correctly.

    4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc...p/RdxIE601.cab
    netster
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    IWonCoPilot WebsearchAdware
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    can't identify
    O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
    SpyFalcon / winwea32.dll

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    5) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart the computer and post a last HJT log, let me know how the computer is running. Since you are running Windows Defender I would leave the AVG Anti-Spyware real time protection turned off so they do not conflict until I advise you about the program.

    Thanks...Phil
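
The selection in step 4 above can be reproduced mechanically. The following is an added example, not part of the original post and not HijackThis's own code: a small Python parser that reads HijackThis entry lines and reports the ones matching the helper's picks. The function names, the label table and the two heuristics (a DPF entry with no recorded source, a Winlogon Notify entry whose file is missing) are assumptions drawn only from this thread's log.

```python
import re

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc...p/RdxIE601.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# CLSIDs the helper named in this thread, with the labels he gave them (hypothetical table).
HELPER_LABELS = {
    "{56336BCB-3D8A-11D6-A00B-0050DA18DE71}": "netster",
    "{70522FA2-4656-11D5-B0E9-0050DAC24E8F}": "IWonCoPilot WebsearchAdware",
}

ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \([^)]*\))? -\s*(?P<src>.*)$")

def parse(log):
    """Yield (section, body) for each HijackThis entry line; skip all other lines."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group("section"), m.group("body").rstrip()

def triage(log):
    """Return [(section, reason, body)] for entries matching the helper's selections."""
    findings = []
    for section, body in parse(log):
        if section == "O16":
            m = DPF.match(body)
            if not m:
                continue
            label = HELPER_LABELS.get(m.group("clsid").upper())
            if label:
                findings.append((section, "named by helper: " + label, body))
            elif not m.group("src"):
                findings.append((section, "no download source recorded", body))
        elif section == "O20" and body.startswith("Winlogon Notify:") and body.endswith("(file missing)"):
            findings.append((section, "logon-time DLL hook with missing file", body))
    return findings
```

The output is a review list for a human to confirm, as the helper did here, before anything is checked in HijackThis.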

  10. #10
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22


    Quote: Originally Posted by pskelley
    Thanks for returning your information, I need to ask about the items at the beginning of the AVG Anti-Spyware 7.5 scan that you "ignored". Are you positive those items are safe? If you would like to scan them to be sure, use one or more of these free online scanners:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html

    Hi Phil,
    Oops! I didn't realize those were ignored. I let AVG set the default actions and I just "applied" the defaults. Should I go back (in safe mode) and re-run AVG A/S?
