Thread: Help Cleaning up my Computer

  1. #1
    Join Date
    Nov 2006
    Posts
    3

    Help Cleaning up my Computer

    My house has 2 computers and one is about 8 years old and used less often so I've pretty much ignored trying to clean it up the last couple years and now I'm making an effort to get it back into shape with my other computer in trouble.

    It's running slower than it should, and since I've installed AVG earlier today, it's already found 8 trojans. It's just now found one that it says Access is Denied to. I'm including my HJT log and I would greatly appreciate it if you could walk me through the clean up process.




    Logfile of HijackThis v1.99.1
    Scan saved at 8:43:50 PM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SYSTEM32\mspaint.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xlzydewsgfrlurrwzlzkvzfo....xuN/ojrKi.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/1/hi/world/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [THIS SETTINGS] C:\DOCUME~1\luke\APPLIC~1\BLEHSIGN\sizespamseek.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi Lucas, Welcome to IANAG.
    Couple of things I see right off...
    Are you using AOL? There are several listings in the log which show at least a few AOL items running, which is ok if you are using AOL. But if you used to use AOL but no longer do then these items will have to be removed.
    Your Java is way out of date and definitely should be updated.
    You also do not appear to be running a firewall and this is a must today. Windows XP has a built in firewall and I recommend that you turn that on once we have completed the cleaning.
    Now I would like you to go to this link
    Follow ALL the steps given there, including the downloading of the various anti-spy programs and the online anti-virus scans. Once you have completed all that then, with all browsers and unnecessary programs closed run a new HJT scan. Save the log and post it back here.
    If any of these scans find something which cannot be removed please note the name and location so we can do removal another way.

  3. #3
    Join Date
    Nov 2006
    Posts
    3
    Thank you for your reply.

    I had cancelled AOL awhile back and when I spent a couple hours working on it today I thought I had deleted everything that had AOL through the Add/Remove Programs thing but I guess some of it stuck around.

    I updated my Java. Not that it matters too much...

    I looked in my security center and it said that Windows Firewall was on. Maybe something fishy going on there.

    I downloaded the stuff and I did almost all the steps but I didn't have time to do everything tonight, but so far my Ad-Aware found 3 files that contained malware and/or adware, which I deleted, and my AVG has found 8 Trojans. I was able to find the one that it couldn't cure in my msconfig and I made it where that doesn't start up anymore. Not sure if that makes sense, just question me if it doesn't.

    And here is my new HJT log, not sure if much has changed.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:15:34 PM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xlzydewsgfrlurrwzlzkvzfo....xuN/ojrKi.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/1/hi/world/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi Lucas,
    Things look better. One thing we really, really need to know is the NAME of the Trojan that you have disabled in msconfig. Just disabling does not remove it. It is still there on the system but we need to know the name of it in order to be certain that it is gone.

    Do NOT be concerned about the Windows Firewall showing as running, this is the DEFAULT setting with XP SP2. It is automatically enabled so leave it running. You can of course install another firewall and then disable this one, but even though it protects only against things coming IN to the computer but not things going OUT, I personally feel if you get the computer clean then there would be nothing going out anyway. I use it and am perfectly happy with it. But it is your choice.

    Since you don't state for sure which programs you ran from the link I gave you, a KEY one I would like you to download and run is AVG Anti-Spyware 7.5.
    Download, install and update the program but DO NOT scan with it yet.

    Enable the Viewing of Hidden Files and Folders

    Update the other programs you downloaded, AND your Anti-virus program and then reboot the computer in SAFE MODE

    First thing once in Safe Mode that I want you to do is go to Control Panel, Add/Remove, and look for and remove any of these if present. If they aren't there don't worry about it.
    Window Search
    Window Searching
    Lop.com
    LOP SEARCH
    Browser Enhancer
    Ultimate Browser Enhancer

    Then go to Start, Search, Files and Folders.
    Type in AOL. The computer will do a search for all files AOL. Once they are found, delete them.

    Next I want you to run FULL SYSTEM SCANS with Spybot Search & Destroy, AdAwareSE and remove everything found by each program.
    Finally do a FULL SYSTEM SCAN with AVG Anti-spyware.
    Have it remove everything found. Save the log for later posting here.

    Next, reboot in NORMAL MODE and with all browsers closed run a new HJT scan and place checkmarks next to the following entries if still present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xlzydewsgfrlurrwzlzkvzfo.... uN/ojrKi.html

    R3 - Default URLSearchHook is missing
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)

    Once you have placed the checkmarks then click the FIX button.
    Exit HJT.
    Reboot, run a new HJT scan and save the log. Post it back here along with the AVG Anti-spyware log.
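
The scan, fix, rescan loop described in this thread can be checked mechanically. The Python below is an added example, not part of any post: it parses HijackThis result lines, diffs two scans, confirms that entries on a fix list are gone, and flags two patterns visible in the first log. The sample lines are excerpted from the logs posted in this thread; the function names and the list of user-writable path fragments are assumptions.

```python
import re

# A HijackThis result line is "<section code> - <detail>",
# e.g. "O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Path fragments any unprivileged process can write to (assumed heuristic list).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp\\", "\\locals~1\\temp\\")

# Excerpt of the first scan in the thread (11/27/2006).
BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [THIS SETTINGS] C:\DOCUME~1\luke\APPLIC~1\BLEHSIGN\sizespamseek.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
"""

# Excerpt of the last scan in the thread (11/29/2006).
AFTER = r"""
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

# Subset of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
"""


def parse_hjt(text):
    """Return the set of (section, detail) result entries in a HijackThis log.

    Header lines and the "Running processes" list do not match the
    "<code> - <detail>" shape and are skipped.
    """
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def still_present(fix_list, scan):
    """Entries from the fix list that a later scan still reports."""
    return sorted(parse_hjt(fix_list) & parse_hjt(scan))


def triage(entries):
    """Flag entries that deserve a closer look before anything is fixed."""
    findings = []
    for section, detail in sorted(entries):
        low = detail.lower()
        if "(file missing)" in low:
            # Registration survives but the binary is gone (leftover uninstall).
            findings.append((section, "orphaned entry", detail))
        elif section == "O4" and any(p in low for p in USER_WRITABLE):
            # Autostart pointing into a profile or temp directory.
            findings.append((section, "autostart from user-writable path", detail))
    return findings


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for sec, det in removed:
        print("gone :", sec, det)
    for sec, det in added:
        print("new  :", sec, det)
    for sec, why, det in triage(parse_hjt(BEFORE)):
        print("check:", sec, why, "->", det)
    print("unresolved fix-list entries:", still_present(FIX_LIST, AFTER))
```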

  5. #5
    Join Date
    Nov 2006
    Posts
    3
    Sorry it took so long but I'm back. I followed your instructions the best I could and here are my results.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:58:14 PM 11/29/2006

    + Scan result:



    HKU\S-1-5-21-2695072642-3942243025-809299238-1006\Software\margo -> Adware.Adtomi : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2695072642-3942243025-809299238-1006\Software\margo\symbols -> Adware.Adtomi : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\2F57AAE9-51AA-4F72-BA70-356AA5\9F7D35E1-2C3A-4EEF-9752-0060A2/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\BO2202031216.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\Xcite.dll -> Adware.BrowsePal : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\downloader_mind_silent.exe -> Adware.BrowsePal : Cleaned with backup (quarantined).
    C:\Documents and Settings\luke\Application Data\302597_exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\OMsetup.exe -> Adware.ClientMan : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\cm1.dll -> Adware.ClientMan : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\cm1.dlltmp -> Adware.ClientMan : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\Xcite.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Luke-Dawg\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\Documents and Settings\Luke-Dawg\Application Data\Hotbar\reports.txt -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2695072642-3942243025-809299238-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Adware.Isearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E734665B-7A74-4E09-A0C4-B95DF9F492B7}\RP17\A0007408.ini -> Adware.Sahat : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\SHAgent.dll -> Adware.Sahat : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\ctbv2.dll -> Adware.Sahat : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\SideStep.exe -> Adware.SideStep : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\httppost.exe -> Adware.Specofer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2695072642-3942243025-809299238-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-59D4-4008-9058-080011001200} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2695072642-3942243025-809299238-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\lw.dll -> Dropper.Mudrop.w : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.34:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.35:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.36:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.11:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.12:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.13:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.14:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.10:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Luke-Dawg\Cookies\luke-dawg@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Luke-Dawg\Cookies\luke-dawg@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.32:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Luke-Dawg\Cookies\luke-dawg@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.18:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.19:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.20:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.21:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@u25070.bins.lop[2].txt -> TrackingCookie.Lop : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.37:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.40:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.41:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.42:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.43:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.44:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Luke-Dawg\Cookies\luke-dawg@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
    :mozilla.16:C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\im90xc3u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:26:27 PM, on 11/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/1/hi/world/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Here are all of the Trojans that my AVG has found, not sure if it will help but figured the more information the better.

    "","","Trojan horse Dropper.Generic.GPD","C:\WINDOWS\SYSTEM32\ctb.dll","11/27/2006 8:21:06 PM","ctb.dll","752 KB"
    "","","Trojan horse Dropper.Small.19.AE","C:\WINDOWS\SYSTEM32\fly.dll","11/27/2006 8:21:21 PM","fly.dll","231 KB"
    "","","Trojan horse Dropper.Small.19.AG","C:\WINDOWS\SYSTEM32\ignet.dll","11/27/2006 8:21:29 PM","ignet.dll","116.5 KB"
    "","","Trojan horse Dropper.Small.19.AG","C:\WINDOWS\SYSTEM32\ignet2.dll","11/27/2006 8:21:33 PM","ignet2.dll","116.5 KB"
    "","","Trojan horse Dropper.Generic.CKA","C:\WINDOWS\SYSTEM32\mcea110.dll","11/27/2006 8:21:49 PM","mcea110.dll","192.5 KB"
    "","","Trojan horse Downloader.Lookme.E","C:\WINDOWS\SYSTEM32\msss.exe","11/27/2006 8:22:04 PM","msss.exe","224.5 KB"
    "","","Trojan horse Dropper.Agent.APH","C:\WINDOWS\SYSTEM32\nostalgia.dll","11/27/2006 8:22:12 PM","nostalgia.dll","111 KB"
    "","","Trojan horse Lop.I","C:\DOCUME~1\luke\LOCALS~1\Temp\d6733693.exe","11/27/2006 11:08:19 PM","d6733693.exe","61.11 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\All Users\Application Data\32 file bone tick\Shim Amen.exe","11/28/2006 1:07:13 AM","Shim Amen.exe","295.8 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\1mess.exe","11/28/2006 1:07:14 AM","1mess.exe","295.8 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\32 Grim.exe","11/28/2006 1:07:14 AM","32 Grim.exe","356.32 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\AntiMeow.exe","11/28/2006 1:07:14 AM","AntiMeow.exe","357.38 KB"
    "","","Trojan horse Lop.AC","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\balm jump.exe","11/28/2006 1:07:14 AM","balm jump.exe","347.55 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\BEEP BOWS.exe","11/28/2006 1:07:14 AM","BEEP BOWS.exe","356.32 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Body for.exe","11/28/2006 1:07:14 AM","Body for.exe","295.8 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Deafpure.exe","11/28/2006 1:07:15 AM","Deafpure.exe","356.32 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Defy Cake.exe","11/28/2006 1:07:15 AM","Defy Cake.exe","311.85 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\EncAim.exe","11/28/2006 1:07:15 AM","EncAim.exe","357.38 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Free bows.exe","11/28/2006 1:07:15 AM","Free bows.exe","356.32 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\LiteOption.exe","11/28/2006 1:07:15 AM","LiteOption.exe","357.38 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Loud Beep.exe","11/28/2006 1:07:16 AM","Loud Beep.exe","311.85 KB"
    "","","Trojan horse Lop.AC","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\mapi great.exe","11/28/2006 1:07:16 AM","mapi great.exe","347.55 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Seekinside.exe","11/28/2006 1:07:16 AM","Seekinside.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Send stop.exe","11/28/2006 1:07:16 AM","Send stop.exe","356.32 KB"
    "","","Trojan horse Lop.T","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Stop itch.exe","11/28/2006 1:07:16 AM","Stop itch.exe","356.26 KB"
    "","","Trojan horse Downloader.Swizzor.9.B","C:\Documents and Settings\All Users\Application Data\SUPPORT THIS DATA POKE\Test Tray.exe","11/28/2006 1:07:17 AM","Test Tray.exe","312.31 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\luke\Application Data\BLEHSIGN\ahatdmlc.exe","11/28/2006 1:07:17 AM","ahatdmlc.exe","295.8 KB"
    "","","Trojan horse Downloader.Swizzor.8.BC","C:\Documents and Settings\luke\Application Data\BLEHSIGN\atofrgao.exe","11/28/2006 1:07:17 AM","atofrgao.exe","61 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\luke\Application Data\BLEHSIGN\bekfdpnd.exe","11/28/2006 1:07:17 AM","bekfdpnd.exe","356.32 KB"
    "","","Trojan horse Lop.G","C:\Documents and Settings\luke\Application Data\BLEHSIGN\btzguzxd.exe","11/28/2006 1:07:18 AM","btzguzxd.exe","61.1 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\Documents and Settings\luke\Application Data\BLEHSIGN\dilekbul.exe","11/28/2006 1:07:18 AM","dilekbul.exe","311.85 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\Documents and Settings\luke\Application Data\BLEHSIGN\ghwozpls.exe","11/28/2006 1:07:18 AM","ghwozpls.exe","60.58 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\luke\Application Data\BLEHSIGN\gksrehua.exe","11/28/2006 1:07:18 AM","gksrehua.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\luke\Application Data\BLEHSIGN\gyyalpki.exe","11/28/2006 1:07:18 AM","gyyalpki.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\luke\Application Data\BLEHSIGN\ilhrkrlp.exe","11/28/2006 1:07:19 AM","ilhrkrlp.exe","356.32 KB"
    "","","Trojan horse Lop.AC","C:\Documents and Settings\luke\Application Data\BLEHSIGN\ldgthjnv.exe","11/28/2006 1:07:19 AM","ldgthjnv.exe","347.55 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\Documents and Settings\luke\Application Data\BLEHSIGN\mdgtvukt.exe","11/28/2006 1:07:19 AM","mdgtvukt.exe","60.58 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\Documents and Settings\luke\Application Data\BLEHSIGN\mugiuncj.exe","11/28/2006 1:07:19 AM","mugiuncj.exe","60.58 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\luke\Application Data\BLEHSIGN\nrvmbhft.exe","11/28/2006 1:07:20 AM","nrvmbhft.exe","357.38 KB"
    "","","Trojan horse Lop.AC","C:\Documents and Settings\luke\Application Data\BLEHSIGN\oagulmsk.exe","11/28/2006 1:07:20 AM","oagulmsk.exe","347.55 KB"
    "","","Trojan horse Lop.G","C:\Documents and Settings\luke\Application Data\BLEHSIGN\Part Chic Bolt Thunk.exe","11/28/2006 1:07:20 AM","Part Chic Bolt Thunk.exe","61.1 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\Documents and Settings\luke\Application Data\BLEHSIGN\qigzgxrj.exe","11/28/2006 1:07:20 AM","qigzgxrj.exe","311.85 KB"
    "","","Trojan horse Downloader.Swizzor.9.B","C:\Documents and Settings\luke\Application Data\BLEHSIGN\ryqpxhvi.exe","11/28/2006 1:07:20 AM","ryqpxhvi.exe","312.31 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\luke\Application Data\BLEHSIGN\rzunjkvg.exe","11/28/2006 1:07:21 AM","rzunjkvg.exe","295.8 KB"
    "","","Trojan horse Downloader.Swizzor.8.BH","C:\Documents and Settings\luke\Application Data\BLEHSIGN\vceykipp.exe","11/28/2006 1:07:21 AM","vceykipp.exe","60.58 KB"
    "","","Trojan horse Lop.AD","C:\Documents and Settings\luke\Application Data\BLEHSIGN\vyrlhlit.exe","11/28/2006 1:07:21 AM","vyrlhlit.exe","295.8 KB"
    "","","Trojan horse Lop.T","C:\Documents and Settings\luke\Application Data\BLEHSIGN\wqgovvgs.exe","11/28/2006 1:07:21 AM","wqgovvgs.exe","356.26 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\luke\Application Data\BLEHSIGN\wtthqeva.exe","11/28/2006 1:07:21 AM","wtthqeva.exe","357.38 KB"
    "","","Trojan horse Downloader.Swizzor.8.BD","C:\Documents and Settings\luke\Local Settings\Temp\c3e3fe2e.exe","11/28/2006 1:07:22 AM","c3e3fe2e.exe","60.6 KB"
    "","","Trojan horse Downloader.Swizzor.8.BD","C:\Documents and Settings\luke\Local Settings\Temp\e62470c2.exe","11/28/2006 1:07:22 AM","e62470c2.exe","60.6 KB"
    "","","Trojan horse Lop.AC","C:\Documents and Settings\Luke-Dawg\Application Data\BLEHSIGN\nspivphw.exe","11/28/2006 1:07:22 AM","nspivphw.exe","347.55 KB"
    "","","Trojan horse Lop.G","C:\Documents and Settings\Luke-Dawg\Application Data\BLEHSIGN\Part Chic Bolt Thunk.exe","11/28/2006 1:07:22 AM","Part Chic Bolt Thunk.exe","61.1 KB"
    "","","Trojan horse Lop.C","C:\Documents and Settings\Owner\Application Data\BLEHSIGN\bspzmwtp.exe","11/28/2006 1:07:23 AM","bspzmwtp.exe","357.38 KB"
    "","","Trojan horse Lop.G","C:\Documents and Settings\Owner\Application Data\BLEHSIGN\Part Chic Bolt Thunk.exe","11/28/2006 1:07:23 AM","Part Chic Bolt Thunk.exe","61.1 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\Owner\Application Data\BLEHSIGN\rdfmtuge.exe","11/28/2006 1:07:23 AM","rdfmtuge.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\Documents and Settings\Owner\Application Data\BLEHSIGN\ztlyvuhx.exe","11/28/2006 1:07:24 AM","ztlyvuhx.exe","356.32 KB"
    "","","Trojan horse Dropper.Generic.GPD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020278.dll","11/28/2006 1:07:24 AM","A0020278.dll","752 KB"
    "","","Trojan horse Dropper.Small.19.AE","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020279.dll","11/28/2006 1:07:24 AM","A0020279.dll","231 KB"
    "","","Trojan horse Dropper.Small.19.AG","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020280.dll","11/28/2006 1:07:24 AM","A0020280.dll","116.5 KB"
    "","","Trojan horse Dropper.Small.19.AG","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020281.dll","11/28/2006 1:07:24 AM","A0020281.dll","116.5 KB"
    "","","Trojan horse Dropper.Generic.CKA","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020282.dll","11/28/2006 1:07:24 AM","A0020282.dll","192.5 KB"
    "","","Trojan horse Downloader.Lookme.E","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020283.exe","11/28/2006 1:07:24 AM","A0020283.exe","224.5 KB"
    "","","Trojan horse Dropper.Agent.APH","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP352\A0020284.dll","11/28/2006 1:07:24 AM","A0020284.dll","111 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020384.exe","11/28/2006 9:37:44 AM","A0020384.exe","295.8 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020385.exe","11/28/2006 9:37:44 AM","A0020385.exe","295.8 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020386.exe","11/28/2006 9:37:45 AM","A0020386.exe","356.32 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020387.exe","11/28/2006 9:37:45 AM","A0020387.exe","357.38 KB"
    "","","Trojan horse Lop.AC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020388.exe","11/28/2006 9:37:45 AM","A0020388.exe","347.55 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020389.exe","11/28/2006 9:37:45 AM","A0020389.exe","356.32 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020390.exe","11/28/2006 9:37:45 AM","A0020390.exe","295.8 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020391.exe","11/28/2006 9:37:45 AM","A0020391.exe","356.32 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020392.exe","11/28/2006 9:37:45 AM","A0020392.exe","311.85 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020393.exe","11/28/2006 9:37:45 AM","A0020393.exe","357.38 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020394.exe","11/28/2006 9:37:45 AM","A0020394.exe","356.32 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020395.exe","11/28/2006 9:37:45 AM","A0020395.exe","357.38 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020396.exe","11/28/2006 9:37:45 AM","A0020396.exe","311.85 KB"
    "","","Trojan horse Lop.AC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020397.exe","11/28/2006 9:37:45 AM","A0020397.exe","347.55 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020398.exe","11/28/2006 9:37:45 AM","A0020398.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020399.exe","11/28/2006 9:37:45 AM","A0020399.exe","356.32 KB"
    "","","Trojan horse Lop.T","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020400.exe","11/28/2006 9:37:45 AM","A0020400.exe","356.26 KB"
    "","","Trojan horse Downloader.Swizzor.9.B","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020401.exe","11/28/2006 9:37:45 AM","A0020401.exe","312.31 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020402.exe","11/28/2006 9:37:45 AM","A0020402.exe","295.8 KB"
    "","","Trojan horse Downloader.Swizzor.8.BC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020403.exe","11/28/2006 9:37:46 AM","A0020403.exe","61 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020404.exe","11/28/2006 9:37:46 AM","A0020404.exe","356.32 KB"
    "","","Trojan horse Lop.G","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020405.exe","11/28/2006 9:37:46 AM","A0020405.exe","61.1 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020406.exe","11/28/2006 9:37:46 AM","A0020406.exe","311.85 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020407.exe","11/28/2006 9:37:46 AM","A0020407.exe","60.58 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020408.exe","11/28/2006 9:37:46 AM","A0020408.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020409.exe","11/28/2006 9:37:46 AM","A0020409.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020410.exe","11/28/2006 9:37:46 AM","A0020410.exe","356.32 KB"
    "","","Trojan horse Lop.AC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020411.exe","11/28/2006 9:37:46 AM","A0020411.exe","347.55 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020412.exe","11/28/2006 9:37:46 AM","A0020412.exe","60.58 KB"
    "","","Trojan horse Downloader.Swizzor.8.BJ","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020413.exe","11/28/2006 9:37:46 AM","A0020413.exe","60.58 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020414.exe","11/28/2006 9:37:46 AM","A0020414.exe","357.38 KB"
    "","","Trojan horse Lop.AC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020415.exe","11/28/2006 9:37:46 AM","A0020415.exe","347.55 KB"
    "","","Trojan horse Lop.G","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020416.exe","11/28/2006 9:37:46 AM","A0020416.exe","61.1 KB"
    "","","Trojan horse Downloader.Swizzor.9.A","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020417.exe","11/28/2006 9:37:46 AM","A0020417.exe","311.85 KB"
    "","","Trojan horse Downloader.Swizzor.9.B","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020418.exe","11/28/2006 9:37:47 AM","A0020418.exe","312.31 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020419.exe","11/28/2006 9:37:47 AM","A0020419.exe","295.8 KB"
    "","","Trojan horse Downloader.Swizzor.8.BH","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020420.exe","11/28/2006 9:37:47 AM","A0020420.exe","60.58 KB"
    "","","Trojan horse Lop.AD","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020421.exe","11/28/2006 9:37:47 AM","A0020421.exe","295.8 KB"
    "","","Trojan horse Lop.T","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020422.exe","11/28/2006 9:37:47 AM","A0020422.exe","356.26 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020423.exe","11/28/2006 9:37:47 AM","A0020423.exe","357.38 KB"
    "","","Trojan horse Lop.AC","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020424.exe","11/28/2006 9:37:47 AM","A0020424.exe","347.55 KB"
    "","","Trojan horse Lop.G","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020425.exe","11/28/2006 9:37:47 AM","A0020425.exe","61.1 KB"
    "","","Trojan horse Lop.C","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020426.exe","11/28/2006 9:37:47 AM","A0020426.exe","357.38 KB"
    "","","Trojan horse Lop.G","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020427.exe","11/28/2006 9:37:47 AM","A0020427.exe","61.1 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020428.exe","11/28/2006 9:37:47 AM","A0020428.exe","356.32 KB"
    "","","Trojan horse Lop.AB","C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP356\A0020429.exe","11/28/2006 9:37:48 AM","A0020429.exe","356.32 KB"



    Wow that's a lot of computer language right there but I hope it will tell you something. Thank you again.

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    WHEW!!!
    No, it really looks MUCH better...I noticed you said earlier that it did not matter much that you had updated the Java, can you tell me WHY you think that? Keeping the Java updated is very important as this will help increase the security when viewing graphics and images on the computer. One should always run the latest version and check for updates often.
    What was the name of and the location of the one that had Access Denied? Do you recall? I don't see it here. Of course it's a long list, maybe I am missing it.
    Couple things you need to do:
    First of all download, install and update CCleaner.

    Once you have installed and updated CCleaner I want you to run the DEFAULT SCAN only. Once it completes its scan tell it to remove all that is found.

    Now in this next step you are searching for files which contained these Trojans. The files must be removed. Go to My Computer, double click. Then double click on "C" drive and navigate to the various folders below. If a specific folder cannot be found just make note of it and move on to the next.

    Then navigate here and delete the folders noted in RED. Please note that I have noted the various user accounts in Blue to make them stand out and easier for you to see. You will have to look in that specific user folder for the entry or entries you need to remove:
    C:\Documents and Settings\All Users\Application Data\
    SUPPORT THIS DATA POKE\
    32 file bone tick

    Next go here and delete the entries noted in RED:
    C:\Documents and Settings\luke\Application Data\
    BLEHSIGN

    Then HERE and delete entries noted in RED:
    C:\Documents and Settings\Luke-Dawg\Application Data\

    And HERE and delete entries noted in RED:
    C:\Documents and Settings\Owner\Application Data\
    BLEHSIGN

    Now you will need to Disable System Restore because some of these items are located in System Restore. By turning it off these will be deleted. To Disable System Restore Right Click My Computer and choose Properties. When System Properties opens click on the System Restore Tab. Place a Checkmark in Turn Off System Restore. Click Apply. You will then get a message asking if you wish to do this, say yes. System Restore will then Shut Down. Close out System Properties.
    In your latest log it shows that you have disabled some items from running at Start Up by using msconfig. You need to go back in there and Re-enable everything you disabled.
    Now reboot the computer and run your AVG Anti-virus again, remove anything found. Then run AVG Anti-Spyware and remove anything found and save the log. Finally give me one more NEW HJT scan and save the log and post it back here with the new AVG anti-spy log.



    Last edited by jholland1964; 11-30-2006 at 12:55 AM.
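
The triage behind the cleanup steps in the post above, as an added example that is not part of the original thread: it sorts an antivirus detection export into Application Data folders to delete per user account, restore points that turning off System Restore clears, temp files, and files left for the follow-up scan. The quoted-CSV column layout, the sample rows and every name in them are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows, not copied from the thread. Assumed column layout:
# two empty fields, detection name, full path, scan time, file name, size.
SAMPLE_EXPORT = "\n".join([
    r'"","","Trojan horse Example.A","C:\WINDOWS\SYSTEM32\sample1.dll","11/27/2006 8:21:06 PM","sample1.dll","752 KB"',
    r'"","","Trojan horse Example.B","C:\Documents and Settings\All Users\Application Data\EXAMPLE DIR\one.exe","11/28/2006 1:07:13 AM","one.exe","295.8 KB"',
    r'"","","Trojan horse Example.B","C:\Documents and Settings\All Users\Application Data\EXAMPLE DIR\two.exe","11/28/2006 1:07:14 AM","two.exe","295.8 KB"',
    r'"","","Trojan horse Example.C","C:\DOCUME~1\alice\APPLIC~1\EXAMPLE2\three.exe","11/28/2006 1:07:17 AM","three.exe","61 KB"',
    r'"","","Trojan horse Example.C","C:\Documents and Settings\alice\Local Settings\Temp\0a1b2c3d.exe","11/28/2006 1:07:22 AM","0a1b2c3d.exe","60.6 KB"',
    r'"","","Trojan horse Example.A","C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.dll","11/28/2006 1:07:24 AM","A0000001.dll","752 KB"',
    r'"","","Trojan horse Example.B","C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe","11/28/2006 9:37:44 AM","A0000002.exe","295.8 KB"',
])

_PROFILE = r"^[A-Z]:\\(?:Documents and Settings|DOCUME~\d)\\([^\\]+)\\"
# Copies that System Restore archived inside a restore point (RPnnn).
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)
# A folder directly under a user's Application Data (long or 8.3 short names).
APPDATA = re.compile(_PROFILE + r"(?:Application Data|APPLIC~\d)\\([^\\]+)\\", re.I)
# Files in a user's temp directory.
TEMP = re.compile(_PROFILE + r"(?:Local Settings|LOCALS~\d)\\Temp\\", re.I)


def parse_export(text):
    """Return (detection name, path) pairs from the quoted-CSV export."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 7:
            continue  # blank or truncated line
        # strip() tolerates stray spaces left around fields by copy/paste
        rows.append((rec[2].strip(), rec[3].strip()))
    return rows


def classify(path):
    """Map one detected path to the cleanup step that deals with it."""
    m = RESTORE.search(path)
    if m:
        return "restore_point", m.group(1).upper()
    m = APPDATA.match(path)
    if m:
        return "appdata_folder", m.group(1) + "\\" + m.group(2)
    m = TEMP.match(path)
    if m:
        return "temp", m.group(1)
    return "rescan", path


def cleanup_plan(text):
    """Count detections per target, grouped by cleanup step."""
    steps = ("appdata_folder", "restore_point", "temp", "rescan")
    plan = {k: defaultdict(int) for k in steps}
    for _name, path in parse_export(text):
        kind, key = classify(path)
        plan[kind][key] += 1
    return {k: dict(v) for k, v in plan.items()}


if __name__ == "__main__":
    for kind, targets in cleanup_plan(SAMPLE_EXPORT).items():
        for target, count in sorted(targets.items()):
            print(f"{kind:15} {count:3}  {target}")
```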
