Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Am I clean

Post by shazam » January 31st, 2007, 10:12 pm

I want to join Malware Removal University

Here is my log

Logfile of HijackThis v1.99.1
Scan saved at 9:10:07 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SB\Desktop\Fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6675056578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3756671875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2E2D41-5ABE-49EE-876F-CDF91DB02A18}: NameServer = 64.136.28.120 64.136.20.120
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

:) :)
shazam
Regular Member
 
Posts: 193
Joined: January 30th, 2007, 4:20 pm
Location: 127.0.0.1(GMT-5)

Post by Bob4 » February 1st, 2007, 12:56 pm

Your log looks clean.

Is this just a check up before joining the uni or are you having any specific problems?
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by shazam » February 1st, 2007, 1:20 pm

Both.
When I start gmer and I close it and do something else like homework, then I turn off my PC, it terminates .NET Framework then logs me off. It says something about svchost.exe is being terminated and it says yes and cancel. I don't click anything and the PC turns off...

I also get ping when I go online; my firewall says system is blocked b/c of the rule.

P.S. I am at school so I will get the IP when I get home, thx :D

Post by Bob4 » February 1st, 2007, 1:29 pm

When you say you run gmer I assume you are running gmer.exe to search for something. If this is so let me know. Also let me know why you are trying to run gmer.

Quote: "I also get ping when I go online; my firewall says system is blocked b/c of the rule."

Can you tell me what exactly is being blocked by your firewall?
Is it your whole system can't get on the internet?
Is it a specific program being blocked?

Post by Bob4 » February 1st, 2007, 1:35 pm

Forgot to answer this: :oops:

Quote: "svchost.exe is being terminated and it says yes and cancel. I don't click anything and the PC turns off..."

Windows isn't infallible. Sometimes it has trouble shutting down a few processes. When that happens I just click yes and let it shut down.

Post by shazam » February 1st, 2007, 4:56 pm

I run gmer.exe to see if there is any rootkit running and trying to use the internet,
b/c I started seeing that the firewall keeps giving me a popup: block system based on rule.
Here is part of my firewall log. I changed my IP to X.XXX.XXX.XXX in the log.
Filseclab Personal Firewall Logfiles

Time RuleId Action Application Protocol Direction Local Port Remote Port Status Send Recv Remarks FullPath



Date Time Rule Action App Protocol/Direction Local Ip Port Remote Ip Port Sent Recv Description Full Path



1/31/2007 8:53:12 PM 2 Deny SYSTEM ICMP In X.XXX.XXX.XXX 5809 4.155.234.42 5 RECV 0 106 ICMP_ECHO(echo service)|RT:9|No.2 ICMP Rules SYSTEM

1/31/2007 8:53:15 PM 10011 Deny SYSTEM UDP In X.XXX.XXX.XXX 1026 200.92.194.156 11831 RECV 0 938 RECV|RT:10|No.10011 built-in Rules SYSTEM

1/31/2007 8:53:15 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 38.101.216.151 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM

1/31/2007 8:53:31 PM 10011 Deny SYSTEM UDP In X.XXX.XXX.XXX 1026 206.76.17.136 12500 RECV 0 922 RECV|RT:10|No.10011 built-in Rules SYSTEM

1/31/2007 8:53:38 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 38.101.216.151 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM

1/31/2007 8:53:47 PM 10011 Deny SYSTEM TCP In X.XXX.XXX.XXX 1331 72.246.31.74 80 RECV 0 62 ACK SYN RECV|RT:10|No.10011 built-in Rules SYSTEM

1/31/2007 8:54:19 PM 10011 Deny SYSTEM TCP In X.XXX.XXX.XXX 1378 80.67.74.233 80 RECV 0 62 ACK SYN RECV|RT:10|No.10011 built-in Rules SYSTEM

1/31/2007 8:54:30 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 38.101.216.151 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM

1/31/2007 8:54:56 PM 10011 Deny SYSTEM UDP In X.XXX.XXX.XXX 1026 88.191.35.64 33313 RECV 0 442 RECV|RT:10|No.10011 built-in Rules SYSTEM

1/31/2007 8:55:22 PM 1 Pass System UDP Out X.XXX.XXX.XXX 138 255.255.255.255 138 SEND 243 0 SEND|RT:10|No.1 Application Rules System

1/31/2007 8:57:15 PM 12 Pass FIREFOX UDP Out X.XXX.XXX.XXX 1511 64.136.28.120 53 RDSD 237 200 RDSD|RT:10|No.12 Application Rules C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

1/31/2007 8:57:14 PM 12 Pass FIREFOX UDP Out X.XXX.XXX.XXX 1521 64.136.28.120 53 SEND 78 0 SEND|RT:10|No.12 Application Rules C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

Hope it's nothing :oops:
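A triage pass over a log in the layout posted above, as an added example that is not part of the original thread: it parses each row, groups denied inbound packets by remote endpoint, and totals outbound bytes per program. The column meanings are inferred from the log's own header row, and the sample rows are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the column layout of the log posted above.
# Remote addresses are documentation-range placeholders, not hosts from the thread.
SAMPLE_LOG = r"""
Time RuleId Action Application Protocol Direction Local Port Remote Port Status Send Recv Remarks FullPath

1/31/2007 8:53:12 PM 2 Deny SYSTEM ICMP In X.XXX.XXX.XXX 5809 192.0.2.10 5 RECV 0 106 ICMP_ECHO(echo service)|RT:9|No.2 ICMP Rules SYSTEM
1/31/2007 8:53:15 PM 10011 Deny SYSTEM UDP In X.XXX.XXX.XXX 1026 198.51.100.7 11831 RECV 0 938 RECV|RT:10|No.10011 built-in Rules SYSTEM
1/31/2007 8:53:15 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 203.0.113.80 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM
1/31/2007 8:53:38 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 203.0.113.80 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM
1/31/2007 8:53:47 PM 10011 Deny SYSTEM TCP In X.XXX.XXX.XXX 1331 203.0.113.81 80 RECV 0 62 ACK SYN RECV|RT:10|No.10011 built-in Rules SYSTEM
1/31/2007 8:54:30 PM 10003 Deny SYSTEM TCP In X.XXX.XXX.XXX 1413 203.0.113.80 80 RECV 0 1514 ACK RECV|RT:10|No.10003 built-in Rules SYSTEM
1/31/2007 8:57:14 PM 12 Pass FIREFOX UDP Out X.XXX.XXX.XXX 1521 192.0.2.53 53 SEND 78 0 SEND|RT:10|No.12 Application Rules C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
"""

# One data row: timestamp, rule id, action, application, protocol, direction,
# local ip/port, remote ip/port, status, bytes sent, bytes received, remarks.
# For ICMP rows the two "port" columns are not real ports; they are kept as logged.
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+"
    r"(?P<rule>\d+)\s+(?P<action>Deny|Pass)\s+(?P<app>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<direction>In|Out)\s+"
    r"(?P<local_ip>\S+)\s+(?P<local_port>\d+)\s+"
    r"(?P<remote_ip>\S+)\s+(?P<remote_port>\d+)\s+"
    r"(?P<status>\S+)\s+(?P<sent>\d+)\s+(?P<recv>\d+)\s+(?P<remarks>.+)$"
)
# Tail of the remarks column: "No.<id> <rule set name> Rules <full path>".
RULESET_RE = re.compile(r"No\.\d+\s+(?P<ruleset>.+?Rules)\s+(?P<path>.+)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


@dataclass(frozen=True)
class Event:
    when: str
    rule: int
    action: str
    app: str
    proto: str
    direction: str
    local_port: int
    remote_ip: str
    remote_port: int
    sent: int
    recv: int
    tcp_flags: tuple
    ruleset: str
    full_path: str


def parse_line(line):
    """Return an Event for a data row, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    remarks = m["remarks"]
    flags = ()
    if m["proto"] == "TCP":
        # Flags are the words before the first '|' that name TCP control bits.
        head = remarks.split("|", 1)[0].split()
        flags = tuple(sorted(t for t in head if t in TCP_FLAGS))
    tail = RULESET_RE.search(remarks)
    return Event(
        when=m["when"], rule=int(m["rule"]), action=m["action"], app=m["app"],
        proto=m["proto"], direction=m["direction"],
        local_port=int(m["local_port"]), remote_ip=m["remote_ip"],
        remote_port=int(m["remote_port"]), sent=int(m["sent"]),
        recv=int(m["recv"]), tcp_flags=flags,
        ruleset=tail["ruleset"] if tail else "",
        full_path=tail["path"] if tail else "",
    )


def parse_log(text):
    """Parse a pasted log; returns (events, number of non-blank lines skipped)."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1
        else:
            events.append(event)
    return events, skipped


def denied_inbound(events):
    """Group denied inbound packets by remote endpoint, most frequent first."""
    fields = ("remote_ip", "proto", "remote_port", "local_port", "tcp_flags")
    groups = defaultdict(lambda: {"hits": 0, "bytes": 0})
    for e in events:
        if e.action == "Deny" and e.direction == "In":
            key = tuple(getattr(e, f) for f in fields)
            groups[key]["hits"] += 1
            groups[key]["bytes"] += e.recv
    rows = [dict(zip(fields, key), **stats) for key, stats in groups.items()]
    return sorted(rows, key=lambda r: (-r["hits"], r["remote_ip"]))


def outbound_bytes_by_program(events):
    """Total bytes sent per program path for outbound traffic that was passed."""
    totals = defaultdict(int)
    for e in events:
        if e.action == "Pass" and e.direction == "Out":
            totals[e.full_path] += e.sent
    return dict(totals)


if __name__ == "__main__":
    parsed, skipped_lines = parse_log(SAMPLE_LOG)
    for row in denied_inbound(parsed):
        print(row)
    print(outbound_bytes_by_program(parsed), "skipped:", skipped_lines)
```
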

Post by Bob4 » February 1st, 2007, 8:11 pm

Let's start some preliminary scans.



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).


___________________________________
Download AVG Anti-Spyware.

  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.

    • At the top of the main screen click Update.

      • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates
Do not use it yet.


________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen, start tapping the F8 key until prompted with a list, then choose safe mode.




_________________________________________
AVG Part 2
AVG
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose quarantine

Under Reports check automatically create report after every scan.
Now back to the scan tab and click on Complete system scan

Let the program scan the machine.
When finished click apply all actions.


Exit AVG.
It will save a log in C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Reboot normally.

Post the log from AVG and a new Hijackthis log.


_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.



__________________
Open CCleaner
Click on Tools
Highlight Uninstall

Down on the bottom click Save to text file.
Save it to your desktop and post the contents of that log for me.

___________________________________________


In your next reply I would like to see:
  • A new HJT log
  • The report from Kaspersky
  • The report from AVG
  • The uninstall list from CCleaner


Post by shazam » February 2nd, 2007, 2:39 pm

OK, I have done the AVG Anti-Spyware scan and I will post it when I finish the Kaspersky online scan + HJT and CCleaner.


P.S. I have two admins on my PC, me and my sister; hope this does not change anything. I will start the Kaspersky scan when I get home.

Post by Bob4 » February 2nd, 2007, 6:30 pm

I also need to ask you about something.

Are you the administrator of this computer?
I see you have mentioned your sister... Is she the owner of this computer?

Also..

I see signs of 2 anti-virus programs.
Did you have NOD32 installed at some time? AND... have you uninstalled it?

Also I will be away all of Saturday and possibly posting again by Sunday.

Post by shazam » February 2nd, 2007, 8:06 pm

Yes, I am the admin and my sister is admin, but she can see any of my files but I can see hers. No, I am the owner of the PC.

Yes, I have 2 anti-virus programs. No, I have not uninstalled it. (I am thinking to stop buying NOD32 and keep AVG Free.)

Here is the log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:10:08 PM 2/1/2007

+ Scan result:



C:\Program Files\HellEntryMU\MUSet2.dat -> Backdoor.Sturf : Cleaned.
:mozilla.54:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.86:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.89:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.91:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.92:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.93:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.6:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.7:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.8:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.48:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.49:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.72:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.11:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.12:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.56:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Shazeeda\Application Data\Mozilla\Firefox\Profiles\gw9x53vu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
-------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:17:38 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\SB\Desktop\Fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6675056578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3756671875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

-----------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 02, 2007 7:02:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/02/2007
Kaspersky Anti-Virus database records: 264397
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 165596
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:16:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Accelerator\dblog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Accelerator\MainExceptions.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Accelerator\sdi.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Accelerator\sdi.lg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Isp\BootExceptions.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Isp\ExecExceptions.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Isp\IspDblog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NetZero\Isp\MainExceptions.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SB\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\SB\Desktop\Program tool\New Text Document.txt Infected: Trojan.BAT.ExitWindows.b skipped
C:\Documents and Settings\SB\Desktop\serial.txt Infected: Trojan.BAT.ExitWindows.b skipped
C:\Documents and Settings\SB\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\SB\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SB\Local Settings\History\History.IE5\MSHist012007020220070203\index.dat Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Temp\Free Download Manager\tic18D.tmp Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Temp\Perflib_Perfdata_5ec.dat Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Temp\Perflib_Perfdata_b8.dat Object is locked skipped
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SB\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\SB\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shazeeda\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Program Files\Filseclab\xfilter\AppLog.dat Object is locked skipped
C:\Program Files\id Software\Quake 4\mint-q4t.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
shazam
Regular Member
Posts: 193
Joined: January 30th, 2007, 4:20 pm
Location: 127.0.0.1(GMT-5)

Post by shazam » February 2nd, 2007, 8:08 pm

It's because I had this in the two text files:

"Restart" shortcut (warm reboot - Windows restart only) :
C:\WINDOWS\RUNDLL.EXE user.exe,exitwindowsExec

"Reboot" shortcut (cold reboot - restart complete) :
C:\WINDOWS\RUNDLL32.EXE shell32,SHExitWindowsEx 2

"Shutdown" shortcut :
C:\WINDOWS\RUNDLL.EXE user.exe,exitwindows

Post by Bob4 » February 3rd, 2007, 8:48 am

Let's remove those files.


___________________________________
Search for and remove
Now I want you to search for and delete the following files/folders and all their contents, if present. If you need help finding them:
Click Start / Search / All files and folders / look for More advanced options. Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD.


C:\Documents and Settings\SB\Desktop\Program tool\New Text Document.txt
C:\Documents and Settings\SB\Desktop\serial.txt

__________________________
You have a part of Nod32 running. I suggest uninstalling it.
Having 2 anti virus programs is not a good idea. They will conflict with each other and may be the cause of your problems.
With that done let me know if things have improved.
Bob4
MRU Master
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by shazam » February 3rd, 2007, 1:27 pm

OK, I removed :)
C:\Documents and Settings\SB\Desktop\Program tool\New Text Document.txt
C:\Documents and Settings\SB\Desktop\serial.txt

And I also uninstalled NOD32.

I forgot to post the CCleaner log; here it is: :oops:

7-Zip 4.42
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced RAR Password Recovery (remove only)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATITool Overclocking Utility
AutoUpdate
AVG Anti-Rootkit Beta
AVG Anti-Spyware 7.5
AVG Free Edition
AVIcodec (remove only)
AviSynth 2.5
AXE 3.4
BF2 Editor
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
BugOff 1.10
CCleaner (remove only)
Cheating-Death 4.33.4
City 14
Collab
Conexant D850 56K V.9x DFVc Modem
Counter-Strike 1.6
coverXP (remove only)
Crash Analysis Tool
Creative MediaSource
D-Fend v2
DataCAD® 11 Test Drive
DawnOfWar
Dell ResourceCD
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom Builder
DOSShell 1.4
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.8.3
DVDFab Platinum 2.9.4.2
e-PDF To Word Converter
Filseclab Personal Firewall
Final Fantasy VII - Ultima Edition
FL Studio 6
Free Download Manager 2.1
Hamachi 0.9.9.9
HellEntryMU V1.2F FULL
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
ImageMixer VCD2
IsoBuster 1.9
Java(TM) SE Development Kit 6
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
KnightOnline
KWorld PVR-TV 2800 Utilities
KWorld TV2800 WDM Drivers
Lavasoft VX2 Cleaner
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark Photo Center
Lexmark Z700-P700 Series
Link Maven 2.02 (Trial Version)
LogonStudio
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash 8
Macromedia Flash Player 8 Plugin
Macromedia Flash Player 8
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Document Explorer 2005
Microsoft Office XP Professional with FrontPage
Microsoft Reader
Microsoft Speech SDK 5.1
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
MINERVA: Metastasis 2
Miranda IM
MKVtoolnix 1.6.5
Modem Helper
Mozilla Firefox (2.0)
Mozilla Firefox (2.0.0.1)
MSXML 6.0 Parser (KB927977)
Need for Speed Underground 2
Nero 7 Ultra Edition
Network Stumbler 0.4.0 (remove only)
NetZero Internet
NOD32 antivirus system
Notepad++
OpenAL
Orca
Panda ActiveScan
Pawn 2
PhoneTray Dialup
Picture Package
PowerDVD 5.1
Project64 1.6
PVR Plus
Quake 4(TM)
Racer
Read in Microsoft Reader Add-in for Microsoft Word
ReaderWorks Standard
Real Alternative 1.51
Resident Evil: Cold Blood Beta 1
RightMark 3DSound 2.2
Rootkit Unhooker Uninstall
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB926255)
Sentinel System Driver
Shareaza version 2.2.3.0
Sony ACID Pro 5.0c
Sony ACID Pro 6.0
Sony CD Architect 5.2
Sony Media Manager 2.1
Sony Sound Forge 8.0d
Sony USB Driver
Sony Vegas 6.0d
Sound Blaster Live! 24-bit
Spybot - Search & Destroy 1.4
Spyware Doctor 3.8
Starcraft
TI Connect(TM) 1.2.1
TuneUp Utilities 2006
Tyranid Mod
USB Dual Vibration Joystick
VideoLAN VLC media player 0.8.5
Warcraft III
WebFldrs XP
WiFi Hopper
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Wolfenstein - Enemy Territory
wxCRP v1.3
xat.com JPEG Optimizer
Xfire (remove only)
XviD MPEG-4 Video Codec
--------------------------------------------

What is WebFldrs XP?

Post by Bob4 » February 4th, 2007, 3:43 pm

What is WebFldrs XP?

Overview
This download enables you to update the Web Folders component in Microsoft Windows operating systems, and provides additional functionality including:

Support for Secure Socket Layers (SSL) with client certificates
Support for non-ASCII character encoding enhancements
Support for additional security enhancements

C:\Program Files\Common Files\Microsoft Shared\Web Folders

http://www.microsoft.com/downloads/deta ... aylang=enu

Send 1 more HJT log and let me know if the only issue you have left is the shut down error.

Post by shazam » February 4th, 2007, 9:53 pm

OK, I have a new problem: when I turn on my PC and it goes to the login screen, nothing happens when I click on the icon to log in. I restart the PC 5 times, then I can log in.
It happens when my sister uses her side and turns off the PC. When she or I turn on the PC to use it, we get that problem. I think it's her side causing this problem. :cry:

I saw that svchost.exe is being terminated again when I log on to my side.

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:31 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\SB\Desktop\Fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6675056578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3756671875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2E2D41-5ABE-49EE-876F-CDF91DB02A18}: NameServer = 64.136.20.121 64.136.28.121
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe