Page 1 of 3 123 LastLast
Results 1 to 10 of 45

Thread: HijackThis Log- Need Help

Hybrid View

  1. 03-13-2007, 01:47 PM #1
    songbird122403's Avatar
    songbird122403
    songbird122403 is offline Junior Member
    Join Date
    Mar 2007
    Location
    Newark, NY
    Age
    41
    Posts
    21

    Darksma is taking over my computer!

    I apologize ahead of time if someone already posted on this. I can hardly get pages to load, so this is easier for me.
    Anyway, I've run AVG, eTrust, Ad-Aware, Spybot, and a few other programs that didn't work for me. And frankly, I'm too stupid for HijackThis. I'm still getting pop-ups, "talking" ads in the background (when I don't have an internet page open), programs are being downloaded without my permission, and things like that. I know it's a Darksma virus that's causing this.
    I'm out of options. Please help?
    If you need any more info, I'll post what I know.
    Reply With Quote Reply With Quote
  2. 03-13-2007, 03:43 PM #2
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Songbird, I am sorry, but the simplest way to find out the problems is with HiJackThis.
    It is VERY simple to use. Please go to this link and follow the instructions;
    Reply With Quote Reply With Quote
  3. 03-14-2007, 02:33 AM #3
    songbird122403's Avatar
    songbird122403
    songbird122403 is offline Junior Member
    Join Date
    Mar 2007
    Location
    Newark, NY
    Age
    41
    Posts
    21
    I can't even tell you how many times I've tried. After an hour and a half of trying (just to get my computer to load anything), I'm done.
    Thank you though.
    Reply With Quote Reply With Quote
  4. 03-14-2007, 07:44 AM #4
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Have you been able to even download HiJackThis? If not, do you have access to another computer that you can download it and then save it to a disk?
    How do you know for sure it is a Darksama virus?
    Have you done all the scans in Safe Mode, disconnected from the internet?
    To boot to Safe Mode, Shut Down, Reboot and as soon as the computer begins to reboot tap the F8 Key. You will get a screen presenting you with Boot Choices. Choose Safe Mode.
    Once the computer is booted in Safe mode then run each scan and tell each program to delete whatever is found.
    Once complete then reboot and see if this makes a difference.
    Reply With Quote Reply With Quote
  5. 03-16-2007, 11:19 PM #5
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    As you can see I combined your two threads into one. You should always continue on with the original thread as it gets very confusing to have two threads from the same poster concerning ONE original problem.

    Your system has multiple trojans on it and will require several different tools and steps to remove them.

    First of all, however, you are running two anti-virus programs on the same computer...this is and absolute NO-NO. The absolute rule is ONE anti-virus program and one firewall on one machine. More than one of each does NOT increase protection but will lessen protection because the programs will conflict with each other and not protect the computer.

    You are running both Avast and eTrust EZ Antivirus. Please go to Add/Remove and Totally UNINSTALL Avast since it is the free program.
    If eTrust has expired then remove it...but one of them HAS TO GO before any cleaning of the computer can be done.

    Reboot the computer.
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
    Scan for Vundo button." when VundoFix appears at reboot.

    Please update your AVG Anti-Spyware 7.5.

    Please update your anti-virus program, whichever one you decided to keep.

    Please download the ATF-Cleaner.exe by Atribune (Windows XP & 2K ONLY) You can put this on your Desktop for easier access.

    Next I would like you to enable the Viewing of Hidden Files & Folders.

    Now I would like you to run the online Kaspersky scan. This will scan the computer for viruses, it WILL NOT remove them, but it WILL generate a log, which you should save to your desktop, that will give us the file location of many of these problems.

    Once you have done ALL of the above, including the VundoFix I would like you to Disconnect Completely from the Internet and Close ALL Browser Windows
    Boot to SAFE MODE
    Using the F8 Method
    1. Restart your computer.
    2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    3. Select the option for Safe Mode using the arrow keys.
    4. Then press enter on your keyboard to boot into Safe Mode.
    - Click on ATF-Cleaner to run it
    -- Where it says Select Files To Delete, Check the Select All Option
    -- Click Empty Selected > OK > EXIT

    Next     run a FULL SYSTEM scan with your anti-virus program. Allow it to fix EVERYTHING found.
    Please Launch AVG Anti-Spyware.
    -- Click on the Scanner button and choose the Settings Tab.
    ---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
    --->Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
    -- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
    -- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
    -- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop

    Once you have completed those steps in SAFE MODE then REBOOT the computer in NORMAL MODE.

    Run a NEW HJT scan. Save the log.     Post back here with
    the Kaspersky log, the AVG log     and the new HJT log, we will then see the next steps that will need to be completed.
    Judy
    Reply With Quote Reply With Quote
  6. 03-17-2007, 11:42 AM #6
    pheonix73's Avatar
    pheonix73
    pheonix73 is offline Member
    Join Date
    Jan 2007
    Location
    Edmonton,Alberta,Canada
    Posts
    78
    I had also noticed that you have XP SP1.After Judy has helped you rid your system of the baddies,I would suggest going to Windows Update and updating to SP2.Another thing is that I am curious as to if you are also running the AVG antivirus on top of the other 2 programs.And if by chance you are on a high speed connection,a firewall would add to your your security greatly.
    Last edited by pheonix73; 03-17-2007 at 11:44 AM.
    Reply With Quote Reply With Quote
  7. 03-17-2007, 10:13 PM #7
    songbird122403's Avatar
    songbird122403
    songbird122403 is offline Junior Member
    Join Date
    Mar 2007
    Location
    Newark, NY
    Age
    41
    Posts
    21

    Here are my logs

    Thank you for your help, I really appreciate it. Here are my logs:

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:38 PM, on 3/17/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HiJackThis\hjtscan.exe.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {380492cc-ad6a-4156-a4dd-8970d8208991} - C:\WINDOWS\system32\cnvabl.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {96148623-2122-C110-8213-26D4D698D8B3} - C:\DOCUME~1\HOMEUS~1\APPLIC~1\DUMBPI~1\peak build.exe (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
    O4 - HKLM\..\Run: [iso does bleh once] C:\Documents and Settings\All Users\Application Data\cash view iso does\Axis 2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtim e.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\tutsrp.dll",setvm
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
    O4 - HKCU\..\Run: [NameWave] C:\DOCUME~1\HOMEUS~1\APPLIC~1\01WEBB~1\dvd software ref.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Home User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127823793934
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: cnvabl - C:\WINDOWS\SYSTEM32\cnvabl.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Kaspersky:
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, March 17, 2007 5:51:37 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 17/03/2007
    Kaspersky Anti-Virus database records: 266668


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 68561
    Number of viruses found 4
    Number of infected objects 18 / 0
    Number of suspicious objects 0
    Duration of the scan process 01:29:35

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped

    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped

    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped

    C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\676D8TUX\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\676D8TUX\popup[1].js Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\676D8TUX\ua[1].gif Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85YVKDSR\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85YVKDSR\UAHelp_Classic[1].css Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8L0V8BG3\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8L0V8BG3\HelpLA_lib[1].js Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KN2POX85\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KN2POX85\UAHelp_Metrics[1].css Object is locked skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Administrator\NtUser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped

    C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped

    C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped

    C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.in i Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier. lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.l nk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.in i Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped

    C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\Home User\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

    C:\Documents and Settings\Home User\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Home User\Desktop\As you can see I combined your two threads into one.doc Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\History\History.IE5\MSHist012007031720070 318\index.dat Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmp16.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmp1E.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmp2.tmp.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmp3.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmpA0.tmp.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\tmpA1.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\~DF7D50.tmp Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\~DFD5CA.tmp Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Temp\~DFDA81.tmp Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Home User\Local Settings\Temporary Internet Files\Content.IE5\SVON6N2Z\*****[1] Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\Home User\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Home User\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP480\A0140238.exe Infected: Trojan.Win32.VB.axu skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP480\A0140239.exe Infected: Trojan.Win32.VB.axu skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP480\A0140240.exe Infected: Trojan.Win32.VB.axu skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP480\A0141490.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP480\A0141619.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP485\A0151424.dll Infected: Trojan.Win32.Agent.agv skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP485\A0151425.dll Infected: Trojan.Win32.Agent.agv skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP486\A0154418.exe Object is locked skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP487\A0156459.exe Object is locked skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP490\A0165868.dll Infected: Trojan.Win32.Agent.agv skipped

    C:\System Volume Information\_restore{AD24DD45-615F-49BA-8826-DBE9B95414A1}\RP490\change.log Object is locked skipped

    C:\VundoFix Backups\tmp1E.tmp.dll.bad Infected: Trojan.Win32.Agent.agv skipped

    C:\WINDOWS\Debug\oakley.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\cnvabl.dll Infected: Trojan.Win32.Agent.agv skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\tmp3.tmp.dll Infected: Trojan.Win32.Agent.agv skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    And finally AVG:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:42:03 PM 3/17/2007

    + Scan result:



    C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).


    ::Report end
    Once again thanks for your help.
    Reply With Quote Reply With Quote
  8. 03-19-2007, 09:07 AM #8
    songbird122403's Avatar
    songbird122403
    songbird122403 is offline Junior Member
    Join Date
    Mar 2007
    Location
    Newark, NY
    Age
    41
    Posts
    21

    2 more

    Last time I did a kaspersky scan it said I had 2 viruses now it says I have 4, Oh boy.
    Reply With Quote Reply With Quote
  9. 03-16-2007, 02:42 PM #9
    songbird122403's Avatar
    songbird122403
    songbird122403 is offline Junior Member
    Join Date
    Mar 2007
    Location
    Newark, NY
    Age
    41
    Posts
    21

    HijackThis Log- Need Help

    I was finally able to download HijackThis...here is my log. I need help figuring out what to leave, and what to take out.
    Thank you in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:53 PM, on 3/16/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HiJackThis\hjtscan.exe.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {380492cc-ad6a-4156-a4dd-8970d8208991} - C:\WINDOWS\system32\cnvabl.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {96148623-2122-C110-8213-26D4D698D8B3} - C:\DOCUME~1\HOMEUS~1\APPLIC~1\DUMBPI~1\peak build.exe (file missing)
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\tmpA1.tmp.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
    O4 - HKLM\..\Run: [iso does bleh once] C:\Documents and Settings\All Users\Application Data\cash view iso does\Axis 2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtim e.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\tutsrp.dll",setvm
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
    O4 - HKCU\..\Run: [NameWave] C:\DOCUME~1\HOMEUS~1\APPLIC~1\01WEBB~1\dvd software ref.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Home User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127823793934
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: cnvabl - C:\WINDOWS\SYSTEM32\cnvabl.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Reply With Quote Reply With Quote
  10. 03-19-2007, 09:34 AM #10
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Did you follow the instructions I gave you above, including the VundoFix? I see virtually no difference between the first HJT log and the second HJT log that was supposedly run AFTER all those other steps.
    First of all, however, you are running two anti-virus programs on the same computer...this is and absolute NO-NO. The absolute rule is ONE anti-virus program and one firewall on one machine. More than one of each does NOT increase protection but will lessen protection because the programs will conflict with each other and not protect the computer.

    You are running both Avast and eTrust EZ Antivirus. Please go to Add/Remove and Totally UNINSTALL Avast since it is the free program.
    If eTrust has expired then remove it...but one of them HAS TO GO before any cleaning of the computer can be done.
    You are STILL showing TWO anti-virus programs. NO fix is going to work until you get one of those off there.

    Did you run the anti-virus program, the ATF cleaner and AVG anti-spy in SAFE MODE? Many of these entries are showing in the Kaspersky scan show they are in your TEMP files. You shouldn't have this many temp files if you have run ATF.

    Please go back to my instructions and follow them EXACTLY. Starting with the removal of one of those anti-virus programs.

    P.S. phoenix73 is correct about the SP2 update...but it absolutely cannot be done on a machine that is infected in any way. Please worry about that AFTER the machine is pronounced clean.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules