
August 26th, 2007 11:00

HiJackThis log -win32/vmalum.aom & win32/zquest.e

Hello. Every time I start my computer my anti-virus pops up telling me I'm infected with
win32/vmalum.aom 83122.exe
win32/zquest. tk58[1].
Here is my log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:39 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\mefese22011.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9351 bytes

20.5K Posts

August 30th, 2007 19:00

It looks as if you were due for some cleaning.
Please disable Windows Defender.

Please launch HijackThis and place a checkmark next to these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


The following are not necessarily spyware/malware, but are optional to fix because they use resources and may not be necessary based on your needs.
Your choice to fix:
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

Close all windows except HijackThis and click "Fix Checked"
Close HijackThis.

Let's follow with CCleaner. Download and scan each user profile with CCleaner:
http://www.ccleaner.com/download/builds
** Select to download the BASIC version.
1. Before first use, select Options > Advanced and UNCHECK
" Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
3. Click the " Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click " OK" and it will scan and clean your system.
6. Click " exit" when done.
REBOOT.

Please go offline. Make sure Windows Defender is still disabled so it does not interfere. Run your resident anti-virus and let me know if it finds anything.

Also let me know if you are still having symptoms of malware. Thanks.

30 Posts

August 30th, 2007 19:00

C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@atwola[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@serving-sys[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@atdmt[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@rambler[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@burstnet[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adult-pornstar-mall[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@realmedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@entrepreneur.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@overture[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@phg.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@advertising[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@rotator.adjuggler[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.realtechnetwork[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cc.bridgetrack[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@statcounter[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter.hitslink[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@casalemedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@hit1.vioclicks[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@yadro[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adcentriconline[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@a.websponsors[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@belnk[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@spylog[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.rcgroups[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@zbox.zanox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adultrental[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@advertisingcom.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-kodak.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-newegg.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.cnn[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cgi-bin[5].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@secure.agoramedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@msnportal.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@onetruemedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@scot.valueclick[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@carasexe[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-metainterfacesllc.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adserver.filefront[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@partner2profit[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.xctrk[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@data1.perf.overture[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@heavycom.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-viacom.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@e-2dj6wgmiald5whp.stats.esomniture[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@e-2dj6wjlikhczcbo.stats.esomniture[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@e-2dj6wjlysmazmap.stats.esomniture[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads2.drivelinemedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.as4x.tmcs.ticketmaster[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-westwoodcollege.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.intelia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cbs.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.admedian[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.adultspotbroker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ad.doubleclick[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@highbeam.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@web4.realtracker[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@regalinteractive[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@nextstat[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-dig.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@whitecastle.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.searchadnetwork[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@sales.liveperson[4].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@paycounter[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cz2.clickzs[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adultfilmdatabase[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@revenue[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@paypal.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@offeroptimizer[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@server.iad.liveperson[7].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@bellglobemediapublishing.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@content.pornstarnetwork[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.webstat[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@store.pornstar[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-streamload.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ctxtad[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adopt.hbmediapro[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@chicagosuntimes.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@kmpads[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@mediamax.streamload[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver[5].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cf.dhdmedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@searchadnetwork[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@findwhat[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@icc.intellisrv[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@statsgold[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@sextracker[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter3.sextracker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@members.allaxxxess[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@qksrv[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@programs.wegcash[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@bizrate[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@login.tracking101[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.addfreestats[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@spiketv.112.2o7[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.zango[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@superstats[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.sextv1[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.barnonedrinks[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@partypoker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-salonmedia.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@20415[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@fad-606.iad6.targetnet[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adopt.specificclick[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter1.sextracker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-helio.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cs.sexcounter[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@statse.webtrendslive[3].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@nielsen.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.burstnet[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@as-us.falkag[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cgi-bin:emotion-14:.txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.webtender[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-hollywood.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.napkinnights[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.3dstats[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.guardian.co[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@hitscount[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.kleinman[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver:emotion-29:.txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver[7].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@viamtvcom.112.2o7[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@sales.liveperson[3].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.bridgetrack[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@s.clickability[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@pornstar.dvdempire[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-warnerbrothers.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@redorbit[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@dhdmedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-foxmovies.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@queerclick[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www8.addfreestats[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-pizzahut.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@coolsavings[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@stat.dealtime[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ds.clickexperts[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@elitexc[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@cnn.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@server.cpmstar[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.incentaclick[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adecn[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@estat[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@indiads[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@smileycentral[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@porngurus[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-gamespot.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@agoramedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adv.surinter[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter13.sextracker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@Tmobile_womens_160x600[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@linksynergy[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@view.atdmt[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@realmedia.co[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@virginmedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@try.starware[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-groupernetworks.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@gostats[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@wpni.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adserv.muchosucko[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media303[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver:emotion-14:.txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@streamit.hardwarezone[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@partygaming.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.revsci[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adopt.euroclick[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@yourdailymedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adserver.cams[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@rainbowmedia.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@sensual-encounters[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adbrite[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@38279[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-looksmart.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.adrevolver[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ez-tracks[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@hardwarezone[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@metacafe.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@honoluluadvertiser[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@pickup101.sitetracker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@weborama[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@webstat[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@38278[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adult.dvdempire[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@data3.perf.overture[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.onlineemedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@gms.adbureau[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.sportmedia[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@lenovo.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@altporn[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@track.effiliation[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@tremor.adbureau[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@h.starware[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@keywordmax[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ad.yieldx[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-myspaceinc.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adtech[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@riptownmedia.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@eb.adbureau[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.ps3.ign[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@dcsmarketing.directtrack[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@offers.intermediainteractive[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.trackspace[1].txt

30 Posts

August 30th, 2007 23:00

Thanks for your help. Everything seems to be running OK.
 
It seems like the SUPERAntiSpyware program uses up a lot of memory. Is that normal?
 
I will perform the steps and repost a hijack log.


Message Edited by swingman13 on 08-30-2007 07:49 PM

30 Posts

August 31st, 2007 01:00

Thanks for all the help bugbatter. Ran the CCleaner and everything seems to be running fine, but a little out of order.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:40 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8404 bytes

20.5K Posts

August 31st, 2007 02:00

You're welcome. :) I'm glad to hear that everything is running well. SAS had a lot of cleaning to do! If you feel that it uses too many resources, remove it, but it is a good tool to use on demand if needed. CCleaner is a good one to keep and use regularly as well.

If everything is running well, you can delete whatever was quarantined by your anti-virus.

After something like this it is a good idea to purge the Restore Points and start fresh.
If everything is running smoothly and you feel that the infection is gone...
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run, type msconfig and press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. Ad-aware: http://www.lavasoft.de/software/adaware/

b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 8.1.0.
It would be best to remove prior versions before updating to a new version.
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html

10. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE) 6u2.

You can go here to download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2 allows end-users to run Java applications".

Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.

Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Official JAVA Installation Instructions if needed.
Reboot.

11. Practice Safe Surfing with TrendProtect by Trend Micro.
TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content.

The following color codes are used by TrendProtect to indicate the safety of each site.

Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown
12. Here are some helpful articles:
"So how did I get infected in the first place?"
by TonyKlein
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

13. This is an excellent resource for users of all levels. General computer maintenance as well as internet security is covered.
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

30 Posts

August 31st, 2007 08:00

I tried to install Zone Alarm and it said there was a conflict with my anti-virus program.

20.5K Posts

August 31st, 2007 20:00

Here are some other free firewalls:

Sunbelt Personal Firewall (trial)
Compatible with: Windows 2000, Windows XP
The Sunbelt Personal Firewall will keep working after the first 30 day trial, but in basic mode.
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/
Omniquad Personal Firewall
Compatible with all Windows 9x and above
Freely available and contains the ability to monitor inbound and outbound traffic.
It allows you to set up different levels of trusted zones and will ask for your authorization before allowing local software to initiate connections to the Internet.
http://www.omniquad.com/pfirewall.htm
Comodo Personal Firewall:
Not compatible with Windows 9x systems
http://www.personalfirewall.comodo.com/

Outpost Free Firewall:
http://filehippo.com/download_outpost_firewall/

30 Posts

September 5th, 2007 03:00

Hey, this popped up on my anti-virus: bat/drakken. Said it was deleted. Should I be worried?

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:12 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8546 bytes
Message Edited by swingman13 on 09-05-2007 01:00 AM

20.5K Posts

September 7th, 2007 18:00

Your log appears to be in good shape. If your AV deleted the problem, it is probably no longer a pest.
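As an added example that is not part of this thread, here is a small Python triage script for HijackThis-style logs like the two posted above: it keeps the classified R/O entries, groups the ones a reviewer checks by hand (bare or empty Run targets, "(no file)" leftovers, services with unknown owner, Winlogon Notify DLLs, web-downloaded ActiveX controls) and diffs two scans so that newly added autostarts stand out. The sample LOG_A/LOG_B lines are constructed from a subset of the thread's entries; the flag reasons and helper names are my own.

```python
"""Triage helper for HijackThis-style logs (added example, not a tool from this
thread).  It keeps the classified 'Rx'/'Oxx' entries, groups the ones a reviewer
checks by hand, and diffs two logs so that newly added autostarts stand out.
LOG_A / LOG_B below are constructed from a subset of the entries in the thread."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O4"
    body: str      # everything after "O4 - "

def parse(log: str) -> list[Entry]:
    """Classified entries only; header and running-process lines are dropped."""
    found = [ENTRY_RE.match(line.strip()) for line in log.splitlines()]
    return [Entry(m["sec"], m["body"]) for m in found if m]

def run_target(cmd: str) -> str:
    """Executable part of an O4 command line: quotes and arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]

def review(entries: list[Entry]) -> dict[str, list[str]]:
    """Entries a defender looks at first, keyed by the reason they were picked."""
    findings: dict[str, list[str]] = {}
    def note(reason: str, text: str) -> None:
        findings.setdefault(reason, []).append(text)
    for e in entries:
        if e.section == "O4":
            m = RUN_RE.match(e.body)        # Global Startup .lnk lines do not match
            if not m:
                continue
            target = run_target(m["cmd"])
            if not target:
                note("empty Run value", m["name"])
            elif "\\" not in target:        # bare name: resolved via the PATH search order
                note("Run target without full path (PATH-resolved)", f"{m['name']} -> {target}")
        elif "(no file)" in e.body:         # registry still points at a file that is gone
            note("orphaned entry (no file)", f"{e.section}: {e.body}")
        elif e.section == "O23" and "Unknown owner" in e.body:
            note("service with unknown owner", e.body)
        elif e.section == "O20":            # Winlogon Notify DLLs load into winlogon.exe
            note("Winlogon Notify handler", e.body)
        elif e.section == "O16" and "http://" in e.body:
            note("ActiveX control downloaded from the web", e.body)
    return findings

def new_entries(old_log: str, new_log: str) -> list[Entry]:
    """Entries present in new_log but absent from old_log (what changed between scans)."""
    before = set(parse(old_log))
    return [e for e in parse(new_log) if e not in before]

LOG_A = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""
# Second scan: identical plus the Java update scheduler that appeared after the JRE update.
LOG_B = LOG_A + r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"' + "\n"

if __name__ == "__main__":
    print(review(parse(LOG_A)))
    print("new since previous scan:", [e.body for e in new_entries(LOG_A, LOG_B)])
```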