Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hjt log - Freedom Hidden Window?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 10th, 2008, 5:12 pm

Yes, I thought it might be :(
I was hoping the log was wrong, and we had found the problem :lol:

Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Anvirisus software.
  • A logfile is created and located at C:\\Program Files\\EsetOnlineScanner\\log.txt. Please include this on your post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 10th, 2008, 9:46 pm

Katana,
There is no 'log.txt" file in the Eset folder . . ?
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 10th, 2008, 9:59 pm

Please run this scan instead, and I will have a look at the Nod32 site.

TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 11th, 2008, 8:50 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-11 07:50:07
PROTECTIONS: 1
MALWARE: 33
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Verizon Internet Security Suite Anti-Virus 5.3.2 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\danielle\favorites\health
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{9CACAAB4-15C2-48B2-8389-EEE5791AC1EE}\RP575\A0032659.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{9CACAAB4-15C2-48B2-8389-EEE5791AC1EE}\RP575\A0032658.exe
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@bfast[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@mediaplex[1].txt
00148840 Cookie/Pollstar TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@pollstar[1].txt
00156964 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@112.2o7[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@www.myaffiliateprogram[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@ad.yieldmanager[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@server.iad.liveperson[10].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@bluestreak[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@target[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@did-it[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@atwola[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@www3.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@cgi-bin[2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Danielle\Cookies\danielle@ehg-dig.hitbox[2].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Danielle\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Danielle\Desktop\ComboFix.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{9CACAAB4-15C2-48B2-8389-EEE5791AC1EE}\RP590\A0033743.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Danielle\Desktop\ComboFix.exe[nircmd.cfexe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{9CACAAB4-15C2-48B2-8389-EEE5791AC1EE}\RP575\A0032700.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 11th, 2008, 9:40 am

OK, there is no visible malware there so lets look at other reasons.

Did you un-install AOL ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 11th, 2008, 10:08 am

no, I still have AOL as my homepage.
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 11th, 2008, 10:14 am

Yes, but what about AOL programs ?
Did you change your internet provider from AOL, and un-install the software ?
your log shows some AOL lines, but not the ones that would normally be there if AOL was your ISP
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 11th, 2008, 3:32 pm

I never had AOL as a provider. My husband was home from work one day using the computer and then there was an AOL search bar and it was aet to AOL as a homepage. I don't use AIM or anything so I'm not aware of any AOL programs. I don't think that I use anything AOL.
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 11th, 2008, 4:33 pm

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Viewpoint Media Player
  • AIM Toolbar 5.0
  • AIM 6
Now close the Control Panel.
Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\Documents and Settings\Danielle\loaded.exe
    Folder::
    c:\program files\aol
    C:\Program Files\AIM6
    C:\Documents and Settings\All Users\Application Data\AOL Downloads
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\AOL
    C:\Documents and Settings\All Users\Application Data\AOL OCP
    C:\Program Files\Common Files\AOL
    
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Unless you actually want them, I would fix the following as well
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


Please post a fresh HJT log along with the ComboFix log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 15th, 2008, 3:05 pm

combofix log
ComboFix 08-01-10.2 - Danielle 2008-01-15 13:16:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.220 [GMT -5:00]
Running from: C:\Documents and Settings\Danielle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danielle\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Danielle\loaded.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-10 21:09 . 2008-01-10 21:09 <DIR> d-------- C:\Program Files\Panda Security
2008-01-10 19:05 . 2008-01-10 19:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-09 19:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 20:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-04 20:53 . 2008-01-04 20:54 <DIR> d-------- C:\Program Files\Java
2008-01-04 20:53 . 2008-01-04 20:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-03 22:05 . 2008-01-03 22:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 22:05 . 2008-01-03 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 21:56 . 2008-01-03 21:56 <DIR> d-------- C:\Deckard
2007-12-30 20:10 . 2007-12-30 20:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 14:22 . 2007-12-29 14:22 23 --a------ C:\WINDOWS\kodakpcd.Danielle.ini
2007-12-24 18:37 . 2007-12-24 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 18:37 . 2007-12-24 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-22 21:47 . 2007-12-22 21:47 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-22 21:44 . 2008-01-04 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-15 15:48 . 2007-12-15 15:48 21 --a------ C:\WINDOWS\atid.ini
2007-12-15 15:44 . 2007-12-15 16:29 867 --ah----- C:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 01:30 --------- d-----w C:\Program Files\Common Files\Command Software
2008-01-12 19:25 --------- d-----w C:\Program Files\Common Files\PestPatrol
2008-01-05 02:08 --------- d-----w C:\Program Files\Kodak
2008-01-05 02:01 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-31 00:17 --------- d-----w C:\Program Files\QuickTime
2007-12-31 00:10 --------- d-----w C:\Program Files\iTunes
2007-12-31 00:08 --------- d-----w C:\Program Files\Google
2007-12-31 00:08 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-12-31 00:03 --------- d-----w C:\Program Files\a-squared Free
2007-12-24 23:38 --------- d-----w C:\Program Files\Lavasoft
2007-12-24 23:38 --------- d-----w C:\Documents and Settings\Danielle\Application Data\Lavasoft
2007-12-24 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-06-08 00:57 36 ----a-w C:\Program Files\FEAD_error.log
.

((((((((((((((((((((((((((((( snapshot@2008-01-09_19.31.01.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-21 19:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-07-18 19:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
- 2008-01-10 00:26:27 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 18:15:47 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 00:26:27 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 18:15:47 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 00:26:27 3,735,552 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 18:15:47 3,735,552 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 00:26:27 147,456 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 18:15:47 147,456 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 00:26:27 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 18:15:47 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 00:26:27 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 18:15:48 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-07-27 20:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 20:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 01:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 18:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 23:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 23:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 21:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 16:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2008-01-09 08:13:25 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-14 12:31:52 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-09 08:13:25 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-14 12:31:52 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 08:31 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 14:31 655360]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 10:12 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 17:33 1880064]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2006-03-30 10:05 237568]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-11-29 15:16:14]

R1 crlscsi;crlscsi;C:\WINDOWS\system32\drivers\crlscsi.sys [1995-11-07 03:57]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 12:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 12:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 12:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 12:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 13:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 13:23:44
ComboFix-quarantined-files.txt 2008-01-15 18:23:33
ComboFix2.txt 2008-01-11 21:31:30
ComboFix3.txt 2008-01-10 00:31:41
.
2008-01-09 08:02:31 --- E O F ---


HJT log - none of the first 6 items on your list to delete were available to check but I did get rid of the remaining 5 suggestions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:29 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potg_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 5263351828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5263344968
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_setti ... Config.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {A78856A6-334B-43AF-96F5-58574005910D} (CEinstaller Object) - http://w.s0.gc.sj.ipixmedia.com/code/Einstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

--
End of file - 8154 bytes
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 15th, 2008, 3:53 pm

Right, that is one clean machine :lol:

Are you still having the the same problems ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby danielle » January 17th, 2008, 10:09 pm

Katana,
Thanks for all your help! I think it is running better without all the AOL stuff but I am still having the pop-up and freezing issues. I'll try to keep it clean.
thanks again,
danielle
danielle
Active Member
 
Posts: 14
Joined: December 23rd, 2007, 10:09 pm

Re: hjt log - Freedom Hidden Window?

Unread postby Katana » January 18th, 2008, 4:11 am

Please post a fresh HJT and I will try something else.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hjt log - Freedom Hidden Window?

Unread postby askey127 » January 26th, 2008, 8:09 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: Wreck17 and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware