please help me clean up my computer (RESOLVED)

  1. #31
    Neal is offline Dedicated Member

    Re: please help me clean up my computer

    If you can't find or don't have a way to show hidden files/folders then I don't know what to tell you.

    Post a new hijackthis log please.


  2. #32
    AhhhChu is offline Full Member
    I'm sorry.

    Do I still have to do post #19? I didn't do it yet.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:30:55 PM, on 1/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\Root\csrss.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\mscompls.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\My Downloads\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneLabs] C:\WINDOWS\system32\Root\csrss.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Lookup on CD - c:\AHD4withThesaurus\ahd.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3BED031E-0DE2-4ECF-8623-7B665271B162}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: doceula - C:\WINDOWS\MICROS~1.NET\doceula.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

  3. #33
    Neal is offline Dedicated Member
    Hi,


    Please download LQfix.exe from one of the following locations:

    http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

    Save it to your desktop.
    • Double-Click LQfix.exe and click Next > Next > Install.
    • Leave the default settings; if you change them, the fix will fail!
    • You need an active internet connection, so make sure you're not blocking any connection now.
    • Now make sure the "Launch LQfix" box is checked.
    • Click the Finish button, after clicking the Finish button the fix will start.
    • Follow the on-screen prompts.
    • Your system will reboot afterwards.
    • Please be patient after the reboot, there is a script running in the background that needs to complete.
    Then do a scan with HJT and post a new log.

    Thanks.

  4. #34
    AhhhChu is offline Full Member
    Logfile of HijackThis v1.99.1
    Scan saved at 9:53:44 PM, on 1/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\Root\csrss.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\mscompls.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\My Downloads\hijackthis.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneLabs] C:\WINDOWS\system32\Root\csrss.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Lookup on CD - c:\AHD4withThesaurus\ahd.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3BED031E-0DE2-4ECF-8623-7B665271B162}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: doceula - C:\WINDOWS\MICROS~1.NET\doceula.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

  5. #35
    Neal is offline Dedicated Member
    Hi,

    Go here and download the tool to hopefully remove the Vundo Trojan infection.

    http://securityresponse.symantec.com...oval.tool.html

    Afterwards post a new hijackthis log please.

  6. #36
    AhhhChu is offline Full Member
    Logfile of HijackThis v1.99.1
    Scan saved at 11:16:33 PM, on 1/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\Root\csrss.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\mscompls.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\My Downloads\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneLabs] C:\WINDOWS\system32\Root\csrss.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Lookup on CD - c:\AHD4withThesaurus\ahd.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3BED031E-0DE2-4ECF-8623-7B665271B162}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: doceula - C:\WINDOWS\MICROS~1.NET\doceula.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

  7. #37
    Neal is offline Dedicated Member
    Hi,


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.

    Now re-scan with Ewido and when done click save report button and post that back here please.

    Thanks

  8. #38
    AhhhChu is offline Full Member
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 5:25:17 PM, 1/17/2006
    + Report-Checksum: 47C7E2D9

    + Scan result:


    :mozilla.109:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.204:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.236:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.239:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.312:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.313:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.359:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.366:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.367:C:\Documents and Settings\Simon Chu\Application Data\Mozilla\Firefox\Profiles\onjzv9s6.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Simon Chu\Application Data\Netscape\NSB\Profiles\7xjdxf9b.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f79c4c2-34baca53.zip/BlackBox.class -> Trojan.Java.ClassLoader.z : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1f79c4c2-34baca53.zip/Beyond.class -> Downloader.Java.OpenConnection.v : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a9b46ed-6df7a346.zip/BlackBox.class -> Trojan.Java.ClassLoader.z : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a9b46ed-6df7a346.zip/Beyond.class -> Downloader.Java.OpenConnection.v : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52a4015b-66da0680.zip/BlackBox.class -> Trojan.Java.ClassLoader.z : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52a4015b-66da0680.zip/Beyond.class -> Downloader.Java.OpenConnection.v : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6ad1acec-3e72e969.zip/BlackBox.class -> Trojan.Java.ClassLoader.z : Error during cleaning
    C:\Documents and Settings\Simon Chu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6ad1acec-3e72e969.zip/Beyond.class -> Downloader.Java.OpenConnection.v : Error during cleaning
    C:\Documents and Settings\Simon Chu\Cookies\simon chu@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Simon Chu\Cookies\simon chu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Simon Chu\Local Settings\Application Data\Wildtangent\Cdacache\00\00\1B.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
    C:\Program Files\My Downloads\Win-Spy Eval Setup.exe/7.txt -> Logger.WinSpy.j : Error during cleaning


    ::Report End

  9. #39
    Neal is offline Dedicated Member
    Hi,

    Next step:

    Download this next tool and run it and let the tool remove everything it finds. Scan entire computer and post the log it makes back here please.

    http://www.sunbelt-software.com/CounterSpy-Download.cfm

  10. #40
    AhhhChu is offline Full Member
    It's too long to post up.
