Hijack This Log


  • This topic is locked
37 replies to this topic

#1 whitie

whitie

    Member

  • Members
  • 24 posts

Posted 03 September 2007 - 06:14 PM

I did the scan with the latest up-to-date Ad-Aware but still get missing file 'C:\WINDOWS.1\system32\rundll32.exe'. I got a log for HijackThis but need a look into it.
Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 2:26:36 PM, on

03/09/2007
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v7.00

(7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\WINDOWS.1\Mixer.exe
C:\WINDOWS.1\system32\atiptaxx.exe
C:\Program

Files\MagicMus\MulMouse.exe
C:\Program

Files\Java\jre1.6.0_02\bin\jusched.ex

e
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc

.exe
C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program

Files\Google\GoogleToolbarNotifier\Go

ogleToolbarNotifier.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\WINDOWS.1\system32\oodag.exe
C:\WINDOWS.1\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr

.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex

e
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e

xe
C:\Program

Files\Yahoo!\Messenger\YahooMessenger

.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/d

efaults/sb/msgr8/*http://www.yahoo.co

m/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkI

d=54896
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkI

d=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkI

d=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkI

d=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkI

d=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/d

efaults/su/msgr8/*http://www.yahoo.co

m
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670

} - C:\Program

Files\Yahoo!\Companion\Installs\cpn5\

yt.dll
O2 - BHO: Adobe PDF Reader Link

Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3

} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHel

per.dll
O2 - BHO: (no name) -

{0914953A-B6C0-42C3-983E-5213C64AFA9B

} - (no file)
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897

} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43

} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) -

{77701e16-9bfe-4b63-a5b4-7bd156758a37

} - (no file)
O2 - BHO: (no name) -

{7E853D72-626A-48EC-A868-BA8D5E23E045

} - (no file)
O2 - BHO: Google Toolbar Notifier BHO

-

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D

} - C:\Program

Files\Google\GoogleToolbarNotifier\2.

0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88

} - C:\Program

Files\Yahoo!\Companion\Installs\cpn5\

yt.dll
O3 - Toolbar: (no name) -

{5D956A61-05E7-427B-A2B1-BF32FB18B1BE

} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer]

Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA]

atiptaxx.exe
O4 - HKLM\..\Run: [SchedulingAgent]

mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex

e /STARTUP
O4 - HKLM\..\Run: [VersatoMs]

C:\Program

Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [Adobe Photo

Downloader] "C:\Program

Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run:

[SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_02\bin\jusched.ex

e"
O4 - HKLM\..\Run: [YSearchProtection]

"C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices:

[OrigRage128Tweaker]

"C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE"

/detectorig
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\Go

ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza]

"C:\Program

Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [YSearchProtection]

C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader

Speed Launch.lnk = C:\Program

Files\Adobe\Reader

8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader

Synchronizer.lnk = C:\Program

Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

} - C:\Program

Files\Java\jre1.6.0_02\bin\npjpi160_0

2.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

} - C:\Program

Files\Java\jre1.6.0_02\bin\npjpi160_0

2.dll
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897

} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263

} -

C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBA

R.DLL
O9 - Extra button: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.e

xe (file missing)
O9 - Extra 'Tools' menuitem:

PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.e

xe (file missing)
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583

} - C:\WINDOWS.1\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583

} - C:\WINDOWS.1\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683

} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683

} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage -

http://download.games.yahoo.com/games

/clients/y/it1_x.cab
O16 - DPF: Yahoo! Literati -

http://download.games.yahoo.com/games

/clients/y/tt4_x.cab
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab

} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF:

{5ED80217-570B-4DA9-BF44-BE107C0EC166

} (Windows Live Safety Center Base

Module) -

http://cdn.scan.onecare.live.com/reso

urce/download/scanner/wlscbase8300.ca

b
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C

} (WUWebControl Class) -

http://update.microsoft.com/microsoft

update/v6/V5Controls/en/x86/client/wu

web_site.cab?1188685781896
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3

} (MUWebControl Class) -

http://update.microsoft.com/microsoft

update/v6/V5Controls/en/x86/client/mu

web_site.cab?1188684542854
O16 - DPF:

{8A94C905-FF9D-43B6-8708-F0F22D22B1CB

} (Wwlaunch Control) -

http://www.worldwinner.com/games/shar

ed/wwlaunch.cab
O16 - DPF:

{9D8D7672-93FF-417E-9024-C16AD141C50C

} (Haunted Control) -

http://www.worldwinner.com/games/v49/

haunted/haunted.cab
O16 - DPF:

{AC2881FD-5760-46DB-83AE-20A5C6432A7E

} (SwapIt Control) -

http://www.worldwinner.com/games/v64/

swapit/swapit.cab
O16 - DPF:

{C93C1C34-CEA9-49B1-9046-040F59E0E0D8

} (Paint Control) -

http://www.worldwinner.com/games/v42/

paint/paint.cab
O16 - DPF:

{D27CDB6E-AE6D-11CF-96B8-444553540000

} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get

/shockwave/cabs/flash/swflash.cab
O16 - DPF:

{FAE74270-E5EE-49C3-B816-EA8B4D55F38F

} (H2hPool Control) -

http://www.worldwinner.com/games/v51/

h2hpool/h2hpool.cab
O23 - Service: Ati HotKey Poller -

Unknown owner -

C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager

Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr

.exe
O23 - Service: AVG7 Update Service

(Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc

.exe
O23 - Service: AVG E-mail Scanner

(AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e

xe
O23 - Service: iPodService - Unknown

owner - C:\Program

Files\iPod\bin\iPodService.exe (file

missing)
O23 - Service: O&O Defrag - O&O

Software GmbH -

C:\WINDOWS.1\system32\oodag.exe

--
End of file - 8778 bytes

#2 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • 139 posts

Posted 04 September 2007 - 06:00 AM

Hi whitie, and welcome to Lavasoft Support! :)

Please open Notepad (Start > All Programs > Accessories > Notepad). Under the Format tab, untick Word Wrap. Close Notepad, and create a new HijackThis log to post back here.

#3 whitie

whitie

    Member

  • Members
  • 24 posts

Posted 04 September 2007 - 02:08 PM

OK, sorry there, new at all this.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:31 AM, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS.1\system32\oodag.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS.1\system32\wscntfy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS.1\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\WINDOWS.1\system32\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file)
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1188685781896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1188684542854
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinn...ted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9981 bytes

#4 whitie

whitie

    Member

  • Members
  • 24 posts

Posted 04 September 2007 - 03:51 PM

By the way, thanks for bothering, really appreciate it!!! :rolleyes: I'm trying to do the best I can on my own lol, been using free scanners via FileHippo. Thanks again, hope ya can help me!!! :)

#5 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • 139 posts

Posted 04 September 2007 - 08:24 PM

Hi whitie,

Can I ask that you stop doing your own cleaning, as this can cause confusion while trying to clean your computer.

Please do the following...

1. You have multiple anti-virus programs (AVG and BitDefender). This is not a good idea. Multiple anti-virus programs will conflict and this will cause many problems. Please uninstall one of those via Add/Remove Programs in Control Panel.

2. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file)


- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
- Close HijackThis

3. I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.
4. Please post a new HijackThis log, and the Uninstall list.
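
The entries listed for fixing in step 2 share two patterns visible in the log: R0 values with nothing after the "=", and O2/O3 registrations whose file column reads "(no file)". The sketch below is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample lines are copied from the unwrapped log posted earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the unwrapped HijackThis log in this thread
# (URLs appear abbreviated exactly as the forum rendered them).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: (no name) - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2/O3 body: "<kind>: <name> - {CLSID} - <file or (no file)>".
CLSID_RE = re.compile(r"^(?:BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


@dataclass
class Entry:
    code: str                      # section code such as R0, O2, O23
    body: str                      # everything after "CODE - "
    reason: Optional[str] = None   # set when the entry matches a flagged pattern


def classify(code: str, body: str) -> Optional[str]:
    """Return why an entry matches one of the two patterns, or None."""
    if code in ("R0", "R1"):
        # Registry value lines end in " = <data>"; flag those with no data.
        _name, sep, data = body.partition(" =")
        if sep and not data.strip():
            return "registry value is empty"
    if code in ("O2", "O3"):
        m = CLSID_RE.match(body)
        if m and m.group(3).strip() == "(no file)":
            return "CLSID %s is registered but has no file" % m.group(2)
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every 'CODE - body' line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            code, body = m.group(1), m.group(2)
            entries.append(Entry(code, body, classify(code, body)))
    return entries


def fix_candidates(text: str) -> List[Entry]:
    """Entries matching the flagged patterns, in log order, for human review."""
    return [e for e in parse_log(text) if e.reason is not None]


if __name__ == "__main__":
    for e in fix_candidates(SAMPLE_LOG):
        print("%s - %s    <-- %s" % (e.code, e.body, e.reason))
```

On the sample, the seven flagged lines are the same seven listed in step 2; the "(file missing)" O9 and O23 entries are parsed but left unflagged, as they were not in that list.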

#6 whitie

whitie

    Member

  • Members
  • 24 posts

Posted 04 September 2007 - 10:37 PM

Thanks very very much for helping, I'm really trying here. I did try to uninstall what scanners I could but I can't open Add and Remove so I can only do so much, but thanks very much for helping.
Ad-Aware SE Personal
Adobe Flash Player Plugin
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
ATI Display Driver
AVG Free Edition
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Daytona USA
Deluxe Menu
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ewido anti-malware
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
J2SE Runtime Environment 5.0 Update 10
Java DB 10.2.2.0
Java™ 6 Update 2
Java™ SE Development Kit 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Motorola Software Update
Mozilla Firefox (2.0.0.6)
MP3+G Toolz
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 6 Enterprise Edition
O&O Defrag Professional Edition
Parker Brothers Classic Card Games
PC Inspector File Recovery
PCI Audio Driver
PS to USB convert cable
Rogers Yahoo! Applications
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Sega Rally 2 Championship - www.cgarchive.com
Shareaza version 2.2.5.0
ShortKeys Lite
Spybot - Search & Destroy
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
ViewMate Desktop Mouse CC2201 Uninstaller
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Hotfix [See Q828026 for more information]
Windows Support Tools
Wipe It Off - Free Edition
Yahoo! Browser Services
Yahoo! Search Protection

hope that's what ya need thanks i'll keep checking e-mail for updates again thanks a lot :lol:

#7 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 04 September 2007 - 10:58 PM

Hi whitie

I merged your new topic with the last reply into this one. Otherwise, Trogan won't be able to find it.

Remember to keep your replies to this topic and he'll get notices by email when you reply (he won't if you start a new topic).
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#8 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 04 September 2007 - 11:10 PM

ok srry thnks for the help!!! :)

#9 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 04 September 2007 - 11:26 PM

No problem :lol: Trogan will be able to find you now.

Oh, and when you want to reply use the Add Reply button (and not the "Reply" button). That way you won't end up with those unneeded quotes from a prior post :) I know that using these forums can be confusing sometimes, so it's our job to help you and we don't mind helping you along when it does get confusing.

If you scroll down a wee bit when you want to reply you will see the button I'm talking about here:
AddReply.gif

#10 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 139 posts

Posted 05 September 2007 - 12:09 AM

Is Add/Remove programs working? Please let me know.

#11 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 12:16 AM

no not at all, get the same missing file thingy, thanks tho

#12 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 139 posts

Posted 05 September 2007 - 01:18 AM

Please go Here and download rundll32.exe for Windows XP to your Desktop.

Extract the ZIP file to your Desktop. A folder should be created with rundll32.exe inside. Copy and paste this to the C:\WINDOWS.1\system32 folder.

Reboot the computer and let me know if you can open Add/Remove programs.

#13 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 07:05 AM

ok now i got access to the control panel thanks but i can't get into yahoo crib i think the java needs to be reinstalled now gonna try it see what happens
:D :) :) :)

#14 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 139 posts

Posted 05 September 2007 - 11:24 AM

Hi whitie! That is great news. :D

Still have some work to do...

1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

ewido anti-malware <-- there is an updated version out. We'll get that later.
Java™ SE Runtime Environment 6 Update 1

2. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      http://img509.images.../scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log.

#15 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 05:34 PM

i'm having trouble turning off start with windows part thanks i'm gonna have to install hijack this again thought i was done hehe i had to uninstall all the javas and reinstall the new java so now i got access to my crib now :D

#16 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 05:36 PM

not worry i got it!!!! going to safe mode now soon as i download hijack this

#17 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 07:58 PM

:) :) :) okie here it goes whew!!!! first time in safe mode!!!!!! lol only got this thing (computer) just under 2 years ago!!! think i'm doing pretty good tho! {;))

---------------------------------------------------------

+ Created at: 2:28:58 PM 05/09/2007

+ Scan result:



:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.


::Report end
hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:47 PM, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS.1\system32\oodag.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\WINDOWS.1\Mixer.exe
C:\WINDOWS.1\system32\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1188685781896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1188684542854
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinn...ted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

--
End of file - 7465 bytes
again thanks for everything!!!! {:o)

#18 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 10:14 PM

i took out party 2 poker files and the ipod one ;)

#19 whitie

whitie

    Member

  • Members
  • PipPip
  • 24 posts

Posted 05 September 2007 - 10:33 PM

and worldwinner crap
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:45 PM, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS.1\system32\oodag.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\WINDOWS.1\Mixer.exe
C:\WINDOWS.1\system32\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1188685781896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1188684542854
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

--
End of file - 6576 bytes

#20 Trogan

Trogan

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 139 posts

Posted 06 September 2007 - 01:20 PM

Hi whitie!

You've done a good job so far. But where is your Anti-Virus program? I did not ask you to uninstall both BitDefender and AVG, just one. AVG Anti-Spyware is NOT an Anti-Virus program - it is completely different.

Please install an Anti-Virus program straight away, either BitDefender or AVG. Also, do you have a Firewall? Let me know.

Post a new HijackThis log after installing an Anti-Virus program.
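
The two HijackThis logs posted in #17 and #19 differ by only a handful of entries, which is easy to miss when reading them by eye. As an added example (not part of the original thread and not code from HijackThis), the Python sketch below parses a log into running processes and coded entries, lists entries marked "(file missing)", and diffs two logs. The function names are hypothetical, and the sample input is an abridged excerpt of the logs above.

```python
import re
from collections import defaultdict

# Abridged excerpts of the logs in posts #17 and #19 (constructed sample input;
# the truncated URL is kept exactly as it appears in the thread).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:47 PM, on 05/09/2007

Running processes:
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

--
End of file - 7465 bytes
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:45 PM, on 05/09/2007

Running processes:
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

--
End of file - 6576 bytes
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a log into running processes and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def orphaned(parsed):
    """Entries whose target no longer exists on disk, as flagged by the tool."""
    return [(code, entry)
            for code, items in parsed["entries"].items()
            for entry in items
            if entry.endswith("(file missing)")]


def diff_logs(before, after):
    """Report entries and processes that appeared or disappeared between scans."""
    def flat(parsed):
        return {(c, e) for c, items in parsed["entries"].items() for e in items}

    b_entries, a_entries = flat(before), flat(after)
    # Windows paths are case-insensitive, so compare processes in lower case.
    b_procs = {p.lower() for p in before["processes"]}
    a_procs = {p.lower() for p in after["processes"]}
    return {
        "removed": sorted(b_entries - a_entries),
        "added": sorted(a_entries - b_entries),
        "procs_gone": sorted(b_procs - a_procs),
        "procs_new": sorted(a_procs - b_procs),
    }


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Orphaned entries in first log:")
    for code, entry in orphaned(before):
        print(f"  {code}: {entry}")
    for key, values in diff_logs(before, after).items():
        print(f"{key}: {len(values)}")
        for value in values:
            print(f"  {value}")
```

Run against the full logs, the same diff also makes it obvious when an expected security process is absent from "Running processes", which is the gap pointed out in post #20.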



