MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: Need Help ASAP!
Jett Blue
« on: November 18, 2006, 01:44:12 PM »

I can't even get on the internet anymore without system doctor, winantivirus, drivecleaner... etc. popping up all over the place. Besides this, random IPs also come up as pop ups, although the screen is a blank white (as in, the address is an IP). Please help, my computer is not nearly as fast as it should be, and everything I've done has been useless. Thank you!

And here's my log...

Logfile of HijackThis v1.99.1
Scan saved at 8:44:50 AM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\Unused Desktop Shortcuts\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.23.9/ttinst.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Pancake
« Reply #1 on: November 19, 2006, 01:32:09 AM »

I don't see anything wrong with your log. It's all clean. No malware. Maybe try this...


Download and install AVG Anti-Spyware 7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
 Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so may hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

=================================

Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.

Anti-virus
Also, run this pc through the...
Panda Online virus scanner
or
Trend Micro Housecall Online virus scanner

Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.



An Australian Member of

EDDY
Jett Blue
« Reply #2 on: November 19, 2006, 04:07:14 PM »

I can't even get on safe mode. When I try to, the usual message comes up asking if you want to continue in safe mode, or jump back to a restore point. I click OK to continue, it works for about 2 seconds, and then the screen goes black again and the same message comes up. If I keep doing it, eventually it tells me I have no drive installed! Also, my browser (Firefox) is behaving even worse than usual. I've had to boot 3 times before to just get on the computer because it would just keep locking up. Nothing easy is it... What do I do? Once again, thanks for your help.
Jett Blue
« Reply #3 on: November 19, 2006, 04:13:16 PM »

Also, one of the IPs that keep appearing as a popup is 85.12.25.85. I'm highly considering locating this ******* and sending him some nasty things, return the favor, eh? Just thought it could be of some use for you. Thanks again!
Pancake
« Reply #4 on: November 20, 2006, 12:14:47 AM »

85.12.25.85 is from the Netherlands. If that's of any help.

If you can't get to safe mode, run the fix in normal mode.
Jett Blue
« Reply #5 on: November 20, 2006, 03:44:52 AM »

Here's the AVG log...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   10:43:07 PM 11/19/2006

 + Scan result:   



C:\WINDOWS\system32\bkxaqqvq.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\dvbpyhup.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\lmbvoavi.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\weipffdv.dll -> Logger.VBStat.e : Cleaned.
:mozilla.124:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.256:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.214:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.215:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.217:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.231:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.106:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.107:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.108:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.110:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.147:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.121:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.203:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.204:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.205:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.86:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.90:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.145:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.146:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.235:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.236:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.237:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.238:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.196:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.197:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.198:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.100:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.101:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.102:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.141:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.148:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.99:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.132:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.133:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.134:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.135:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.136:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.137:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.138:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.139:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.140:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.234:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.157:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.158:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.159:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.160:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0071010.dll -> Trojan.BHO.g : Cleaned.


::Report end

Logged
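
An added example, not part of the thread and not AVG's or HijackThis's own tooling: this Python sketch parses the report format posted in Reply #5, separates tracking cookies from file detections and System Restore copies, and checks whether the detected files were named in a HijackThis log. The function names are hypothetical, and the embedded lines are a subset copied from the logs on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Subset of the AVG Anti-Spyware report above (cookie lines trimmed to two).
SAMPLE_REPORT = r"""
 + Created at:   10:43:07 PM 11/19/2006

C:\WINDOWS\system32\bkxaqqvq.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\dvbpyhup.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\lmbvoavi.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\weipffdv.dll -> Logger.VBStat.e : Cleaned.
:mozilla.124:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\t2mendcy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0071010.dll -> Trojan.BHO.g : Cleaned.

::Report end
"""

# Excerpt of the first HijackThis log above (autostart-type entries only).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# "<optional :store.index:><path> -> <detection name> : <action>."
ENTRY_RE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    store: Optional[str]   # e.g. "mozilla.124" for a cookie-store entry
    path: str
    name: str              # detection name as reported, e.g. "Logger.VBStat.e"
    action: str

    @property
    def kind(self) -> str:
        if self.store is not None or self.name.startswith("TrackingCookie."):
            return "cookie"
        # A copy held inside a System Restore snapshot, not a live file.
        if "\\system volume information\\_restore" in self.path.lower():
            return "restore-point"
        return "file"


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per result line; header and footer lines are skipped."""
    found = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append(Detection(m["store"], m["path"], m["name"], m["action"]))
    return found


def summarize(detections: List[Detection]):
    """Count entries per kind, and per detection name for non-cookie entries."""
    by_kind = Counter(d.kind for d in detections)
    families = Counter(d.name for d in detections if d.kind != "cookie")
    return dict(by_kind), dict(families)


def unlisted_in_hjt(detections: List[Detection], hjt_text: str) -> List[str]:
    """Live detected files whose file name never appears in the HijackThis log."""
    haystack = hjt_text.lower()
    return [
        d.path
        for d in detections
        if d.kind == "file"
        and PureWindowsPath(d.path).name.lower() not in haystack
    ]


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    by_kind, families = summarize(dets)
    print("entries by kind:", by_kind)
    print("non-cookie detections:", families)
    for path in unlisted_in_hjt(dets, SAMPLE_HJT):
        print("detected by the scanner, absent from the HijackThis excerpt:", path)
```
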
Pancake
« Reply #6 on: November 20, 2006, 04:06:42 AM »

Can you post a new HJT log please...
Jett Blue
« Reply #7 on: November 20, 2006, 11:44:31 PM »

Logfile of HijackThis v1.99.1
Scan saved at 6:45:24 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1142382607\ee\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\TWEAKM~1\TMTray.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Logged
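Added example, not part of the original thread or of HijackThis: a short Python triage pass over log lines like the ones posted above, listing entries marked "(file missing)" and autostart entries (O4, O20, O21, O23) whose file sits outside the usual system folders. The function names, the `EXPECTED_ROOTS` list and the last sample line are assumptions made for this example; a flagged entry is one to look at more closely, not a verdict.

```python
import re

# HijackThis sections whose entries load code at boot or logon.
AUTOSTART = {"O4": "Run key", "O20": "AppInit_DLLs",
             "O21": "ShellServiceObjectDelayLoad", "O23": "service"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path up to the first .exe/.dll extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
# Assumption made for this example: autostart files live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# The first five lines come from the log above; the last line is constructed.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O4 - HKCU\..\Run: [updater] C:\Temp\example-updater.exe
"""


def parse_entry(line):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m["code"], m["body"]) if m else None


def triage(log_text):
    """Return [(code, kind, path, reasons)] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        paths = PATH.findall(body)
        path = paths[-1] if paths else None
        reasons = ["file missing"] if "(file missing)" in body else []
        if code in AUTOSTART:
            if path is None:
                reasons.append("no file path")
            elif not path.lower().startswith(EXPECTED_ROOTS):
                reasons.append("unexpected location")
        if reasons:
            findings.append((code, AUTOSTART.get(code, "other"), path, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```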
Pancake
Global Moderator
« Reply #8 on: November 21, 2006, 12:26:53 AM »

Yep that all looks fine now...

An Australian Member of

EDDY
Jett Blue
« Reply #9 on: November 21, 2006, 01:11:40 AM »

Yes, but my computer is still having problems, it's running slow... system doctor, winantivirus, drivecleaner, they are still popping up when I am on the internet, all the time... once in a while, it won't even let me access MyComputer, so there still must be a problem... is there anything else I can do?
Pancake
Global Moderator
« Reply #10 on: November 21, 2006, 02:45:41 AM »

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06. Fix whatever they suggest.

If you would like to learn more about how to use the program with the proper settings you can read the tutorials below:

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.


An Australian Member of

EDDY
Jett Blue
« Reply #11 on: November 21, 2006, 07:40:11 PM »

I've had those programs for ages... anything else you can suggest?
Pancake
Global Moderator
« Reply #12 on: November 22, 2006, 12:15:18 AM »

Check for folder for winantivirus 2006 and others in Add/Remove Programs


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

An Australian Member of

EDDY