Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijacked by virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Hijacked by virus

Unread postby anitashore » October 17th, 2006, 2:03 pm

:) This has been coming up on my pc for a while: AOLSoftware.exe_corrupt file
C:\Documents and Settings\HP_Owner\Local Settings\Application
Data\AOL\User Profiles\1139515771\HP_Owner\metrics\cmls_ms.tlv is corrupt and unreadable. Please run the chkdsk utility.
I would appreciate any help given
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top
Advertisement
Register to Remove

Unread postby Vino Rosso » October 17th, 2006, 4:07 pm

Hi! anitashore and welcome to the Malware Removal forums.
My name is Vino Rosso - if it helps, you can call me Vino for short. I would be glad to try and help you with solving any malware problems. HijackThis logs can take a little time to research and, while I complete my training, all my recommended fixes will be checked by an expert.

Please be patient and I'd be grateful if you would note the following:
  • I will working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Finally, please reply to this thread. Do not start a new topic.
1 - HijackThis
Download a copy of HJTsetup.exe from >here< and save it to your Desktop.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • At the final dialogue box check the box to the left of "Launch Hijackthis" and then click Finish
  • When HijackThis has started, click on Do a system scan and save a log file
  • Copy the log file (highlight ALL the text and press (Ctrl + C) and paste it (Ctrl + V) in your reply to this thread.
Do not try to fix anything yet! HijackThis shows lots of good files as well as bad.

Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Top

hijacked by virus

Unread postby anitashore » October 28th, 2006, 6:32 pm

Done that. Sorry for the late reply but my mother has not been to well recently. What do I have to do now?
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby Vino Rosso » October 28th, 2006, 7:08 pm

Sorry to hear about your Mum.
If you have run a HijackThis log as requested, please post it in your next reply - see last bullet point of my post.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Top

Unread postby anitashore » October 29th, 2006, 6:33 am

<HTML><BODY BGCOLOR="#ffffff"><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>thats wot you have to do NOW<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">explain how 2 do this<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>read the anwer<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>answer<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">wots the website<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>THE ONE U POSTED ON!!!!!!!!!!!1<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">been buzee looking after mater who isn't 2 good<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>if u had done wot i told u last week it wud have all been done by now<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">I've got hijackthis.com<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>your hard work tonite<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>the answer is on the malware site you posted the question on<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>http://www.malwareremoval.com/<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>username anitshore all one word<BR>
p/word guinness<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>worked when i went on<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">judith:- anita is trying to find the message posted<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>you already have highjackthis on your pc so no need to dload agin<BR>
<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">can you do this on remore assist?<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>no,goin to bed now<BR>
<BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">tomorrow maybe<BR>
<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>run highjack this and post result on site<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>the guy says he is going to help u<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>just reply with the result to his rsponse to your post<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#0000ff" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B>nite nite<BR>
</FONT><FONT COLOR="#0000ff" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"> Ibebbington signed off at 23:28</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> <BR>
</FONT><FONT COLOR="#ff0000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><B> Anitashore2:&nbsp;</FONT><FONT COLOR="#000000" BACK="#fefefe" style="BACKGROUND-COLOR: #fefefe" SIZE=1 PTSIZE=8 FAMILY="SANSSERIF" FACE="Arial" LANG="0"></B> </FONT><FONT COLOR="#000000" BACK="#ffffff" style="BACKGROUND-COLOR: #ffffff" SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">how does she get her message</FONT></HTML>
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby anitashore » October 29th, 2006, 6:51 am

Sorry this is the one i think



Logfile of HijackThis v1.99.1
Scan saved at 10:48:33, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Onfolio\onfserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1160489255\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mini Oddie\MiniOddie.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Cloudmark\SafetyBar\OE\snoe.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\AOL\Broadband Assistant\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\common files\aol\1160489255\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1160489255\ee\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160489255\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [Mini Oddie] "C:\Program Files\Mini Oddie\MiniOddie.exe"
O4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SafetyBar for Microsoft Outlook Express.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} - http://freepcscan.com/spyware/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6079066609
O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37710.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA6E1ED-57C7-41FB-A2C4-C357FF8527B3}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby Vino Rosso » October 29th, 2006, 12:57 pm

Hi anitashore

Remember, if you can, it's worth printing these instructions out before you start.

A couple of questions to start...

1) I see in your log that you are running McAfee. Can you check and confirm that this is only the firewall and NOT the antivirus element of the program. The reason for asking is that running two antivirus programs (McAfee and AVG) could cause system problems and your PC to run slowly.

2) Have you tried uninstalling and re-installing AOL? If not, please try this first.

OK, there are a few things to clean up in your log:

1 - Remove Java
Go to Start » Control Panel » Add/Remove Programs
Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
(It should have this icon next to it: Image)
Click that entry and then click on the Change/Remove button and follow the instructions to remove Java.
Repeat to remove all versions of Java.

Download and install the newest version of Java Runtime Environment (JRE), update 9, from >here<

2 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZZ
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} - http://freepcscan.com/spyware/Install.cab
O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe

Close all windows except HijackThis
Select Fix Checked in HijackThis.

3 - ATF Cleaner
Please download to your Desktop ATF Cleaner by Atribune from >here<. This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and greys out the other(s).

Double-click ATF-Cleaner.exe to run the program.
Under Select Files To Delete choose: Select All
If you rely on system remembered passwords, you should UNcheck Cookies.
Important Do not uncheck anything else!
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

4 - AVG Anti-Spyware
Download AVG Anti-Spyware 7.5 from >here<
After download, double click on the file to launch the install process.
Choose a language, click OK and then click Next.
Read the License Agreement and click I Agree.
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click Next, then click Install.
After setup completes, click Finish to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
The main Status menu will appear. Select Change state to inactivate 'Resident Shield' and 'Automatic Updates'.
Then right click on AVG Anti-Spyware in the system tray and uncheck Start with Windows.
Go to Start > Run and type services.msc
  • Press OK.
  • Click the Extended tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the Stop button.
  • From the drop-down menu next to Startup Type, click on Manual.
  • Now click Apply, then OK and close the Services window.
Select the Update button and click Start update. Wait until you see the Update successful message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from >here<.

Once the updates are installed do the following:
Click on the Scanner button and choose the Settings tab.
  • Under How to act?, click on Recommended actions and choose Quarantine to set default action for detected malware.
  • Under How to Scan? check all (default).
  • Under Possibly unwanted software check all (default).
  • Under What to Scan? make sure Scan every file is selected (default).
  • Under Reports select Automatically generate report after every scan and UNcheck Only if threats were found.
Click the Scan tab to return to scanning options.
Click Complete System Scan to start.
When the scan has finished you will be presented with a list of infected objects found. Click Apply all actions to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate No action taken, making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button

Click on Save Report to view all completed scans. Click on the most recent scan you just performed and select Save report as - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
Exit AVG Anti-Spyware when done and submit the log report in your next response.

Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

5 - Check on status
After you have completed the above, please reboot and provide:
  • information on whether you have tried re-installing AOL
  • the AVG Anti-Spyware report
  • a new HijackThis log
  • and a description of how your PC is behaving
Good Luck
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Top

Unread postby anitashore » October 30th, 2006, 1:27 pm

I am having trouble in getting the following 2 sites on:-
mywebsearch.com & freepcscan.com. Help.
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby Vino Rosso » October 31st, 2006, 3:05 am

Hi anitashore

Here is some information about the two sites you mentioned:

MyWebSearch.com
Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you.

FreePCScan.com
Info about FreePCScan.com >here<
There are a number of reputable companies that run on-line scans which I can advise you of.

Basically, I recommend you don't visit these two sites.

Are you able to follow my instructions in my last post?

Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Top

Unread postby NonSuch » November 12th, 2006, 2:17 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby ChrisRLG » November 20th, 2006, 4:18 pm

Re-opened on email requirest.

Please post a fresh HJT log for the helper to assist you.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Top

Unread postby anitashore » November 21st, 2006, 12:20 pm

this is the hjt logfile you asked me for
Logfile of HijackThis v1.99.1
Scan saved at 16:16:53, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Onfolio\onfserv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1162487127\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\common files\aol\1162487127\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1162487127\ee\aolsoftware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mini Oddie\MiniOddie.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Cloudmark\SafetyBar\OE\snoe.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://uk.downloads.yahoo.com/internete ... elcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162487127\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [Mini Oddie] "C:\Program Files\Mini Oddie\MiniOddie.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: SafetyBar for Microsoft Outlook Express.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/i ... rstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6079066609
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby Vino Rosso » November 21st, 2006, 7:53 pm

Hi and welcome back to the Malware Removal Forum

While I'm looking through your log, can you please post an uninstall list and let me know of any problems you are having with your computer.

1 - Uninstall List
Run HijackThis then click on Open the Misc Tools section
Click on Open Uninstall Manager...
Click on Save list...
Leave the default filename as uninstall_list.txt and save the file, noting where it has been saved
Close HijackThis.
On your Desktop, double-click on uninstall_list.txt and Notepad will open
Click Edit > Select All then Edit > Copy and paste (Ctrl+V) the uninstall list in your next reply here.

2 - Check on status
After you have completed the above, please provide:
  • the uninstall list
  • and a description of how your PC is behaving - what problems are you experiencing?
Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Top

hijack this

Unread postby anitashore » November 22nd, 2006, 3:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 19:37:26, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Onfolio\onfserv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1162487127\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mini Oddie\MiniOddie.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1162487127\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1162487127\ee\aolsoftware.exe
C:\Program Files\Cloudmark\SafetyBar\OE\snoe.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\AdwareAlert\Scheduler.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://uk.downloads.yahoo.com/internete ... elcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Onfolio\onfserv.exe" nosignal
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162487127\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [Mini Oddie] "C:\Program Files\Mini Oddie\MiniOddie.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: SafetyBar for Microsoft Outlook Express.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e9b9732f21fc471dbf36ca3a49b7ac56
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/i ... rstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6079066609
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA6E1ED-57C7-41FB-A2C4-C357FF8527B3}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top

Unread postby anitashore » November 22nd, 2006, 3:40 pm

Still getting the pop-up
anitashore
Active Member
 
Posts: 9
Joined: October 17th, 2006, 1:32 pm
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 125 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index