0

Here's my hijack log: IE takes forever to load but once it's loaded it's fine, it's just new windows that take a long time to load. I'm also getting a lot of popups. I've run Ad-Aware a lot and it's still bad.

-Kelly

Logfile of HijackThis v1.99.1
Scan saved at 9:31:32 PM, on 4/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\scvhost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Banshee\Desktop\HijackThis.exe
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\tmp5.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {cd3bcbe9-095a-4bff-ab05-763c091383bd} - C:\WINDOWS\system32\mscgdb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
O4 - HKLM\..\Run: [mmtray2k] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
O4 - HKLM\..\Run: [mmtraylsi] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\hgdaax.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mscgdb - C:\WINDOWS\SYSTEM32\mscgdb.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

0

Please download and install AVG antispyware tool

  • Close all other applications, select language, click OK
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and AVG antispyware will open to the main screen automatically.
  • Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

  • Run AVG antispyware.
  • Click on scanner at top of AVG antispyware screen.
  • Click on Settings.
  • Under How to Act click on Recommended Action and choose Quarantine.
  • Under How to scan all boxes should be selected.
  • Under Possibly unwanted software all boxes should be selected.
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file.
  • Click On scan Tab.
  • Click on Complete system scan.
  • Let the program scan the machine. It can take a while, give it time.
  • When scan has finished at bottom of screen click Apply all Actions.
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop.
  • Click Save.
  • Exit AVG antispyware.

Reboot back to normal mode.


Post the log here.

==========

Download the tool below:

http://noahdfear.geekstogo.com/FindAWF.exe

Save the file to your desktop and double click it to start it.

It will scan files on your C: drive and then when finished it will produce a log called awf.txt. Please post that log in your next reply.

0

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:27:21 PM 4/17/2007
+ Scan result:

C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\I5OJMPQ5\smysmymr20070406[1] -> Adware.Virtumonde : No action taken.
C:\Program Files\AWS\WeatherBug\bak\Weather.exe -> Adware.WeatherBug : No action taken.
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\AWS\WeatherBug\Weather.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Grisoft\AVG7\avgcc.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Grisoft\AVG7\avgregcl.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe -> Downloader.Agent.awf : No action taken.
C:\Program Files\QuickTime\qttask.exe -> Downloader.Agent.awf : No action taken.
C:\WINDOWS\system32\lsasss.exe -> Downloader.Agent.awf : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temp\tmp14.tmp.exe -> Downloader.Agent.bjk : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\ENW4HVZ2\CAZQCBBP.php -> Downloader.Agent.bjk : No action taken.
C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.oh : No action taken.
C:\WINDOWS\system32\dcomcfg.exe -> Downloader.Zlob.oi : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\M3MN65QR\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\system32\appmagr.dll -> Not-A-Virus.Hoax.Win32.Renos.da : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@arn.aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@data1.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@server3.web-stat[1].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Banshee\Cookies\banshee@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temp\temp.fr59BF -> Trojan.BHO.g : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temp\tmp5.tmp.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\CDKT2ZC1\drf1175731465[1].htm -> Trojan.Small : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\CDKT2ZC1\drf1175731465[1].htm.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\I5OJMPQ5\bugoga[1] -> Trojan.Small : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\IFPW5MWV\drf1176250184[1].htm -> Trojan.Small : No action taken.
C:\Documents and Settings\Banshee\Local Settings\Temporary Internet Files\Content.IE5\IFPW5MWV\drf1176250184[1].htm.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\atmclk.exe -> Trojan.Small : No action taken.
C:\WINDOWS\sCache32\2 Find MP3 8.2.0.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\AC3-MP3 converter.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\ACDSee 5.5b.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\ACDSee Classic 2.79.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\AOL Instant Messenger 6.1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Ad-aware 6.5 (new).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Adobe PhotoShop 7.1 crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\All Editor 3.0b.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Auction Sentry (new).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\AudioLabel CD Labeler 3.0 (+crack).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Battlefied1942 Pack4 (crack+bloodpatch).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\BearShare 5.1.1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\C&C Generals Pack2 (new patch).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Complete UK Music Database 4.2.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\DirectDVD 4.9.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\DivX Video Bundle 5.5.1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\DivX edit (new).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Download Accelerator Plus 6.3.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\DvD Rip guide (+tools) st0rm.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Dynamite Downloads.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Easy CD Creator Software Update.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Find 1.0.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\FlashFXP (keygen).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\FreeRip 4.30.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Genie Stream 3.2.4.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Global DiVX Player 2.0.1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Gothic 2 (m-patch).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Grokster 2.0.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\HL keys (working).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Hacker Tutorial (by ph3Akz).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Half-Life keygen (+ogc hack).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\I.G.I. 2 (new crack).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\ICQ Lite beta (b2253).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\ICQ Pro 2003a beta (b4600).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\James Bond 007 Nightfire crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\KaZooM MP3 Kazaa Accelerator 2.5.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Kazaa Media Desktop 2.5.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Kazaa Skins 1.8.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\MP3 cut pro 3.0.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\MSN Messenger 5.5.10.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Medal Of Honor (Allied Assault) crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Morpheus 2.6.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Need for Speed 6 (new cars + crack).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\NeoNapster 3.92.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Nero Burning ROM 5.8.2.4.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\New Nvidia (geForce) drivers (beta).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Operation Flashpoint (bloopatch).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Patch Creator 3.5a.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\PhotoShow 3.1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Ps2 to Pc tutorial (+tool).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Raven Shield 5.32 crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\RealOne Free Player 2.8.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\RemoteSpy 1.5.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Sim City 4 crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Splinter Cell crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\TitJiggle (flash game).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Trillian 0.8 + plugins.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\UT2003 multi-crack (new).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\UniversalFlood (4.8b).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Unreal2 (2.8) crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\WS_FTP LE 6.0.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Warcraft3 battle.net(2.5) crack.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\WinRAR 3.8.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\WinZip 8.3b (crack).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\WinZip 9.0 SR-1.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Window Washer 4.8.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\Wippit 2.1 (beta).exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\iMesh 4.1 beta.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\iSnipeIt 5.0c.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\mIRC 6.x addon patch.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\sCache32\mIRC s3th war-script.exe -> Worm.SdDrop.c : No action taken.
C:\WINDOWS\system32\xms32.exe -> Worm.SdDrop.c : No action taken.

::Report end

Not sure why it says no action was taken, I selected for everything to be quarantined.

0

Can you try again with the quarantine please.

Download the tool below:

http://noahdfear.geekstogo.com/FindAWF.exe

Save the file to your desktop and double click it to start it.

It will scan files on your C: drive and then when finished it will produce a log called awf.txt. Please post that log in your next reply.

0

Ran it again with quarantine, here's the AWF log:

-Kelly


Find AWF report by noahdfear ©2006

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
09/01/2006 04:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/29/2002 06:41 AM 13,312 ctfmon.exe
1 File(s) 13,312 bytes
Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK
03/01/2006 01:10 AM 284,207 avgcc.exe
03/01/2006 01:10 AM 3,123 avgregcl.exe
2 File(s) 287,330 bytes
Directory of C:\PROGRA~1\MI948F~1\KEYBOARD\BAK
03/22/2002 12:41 AM 94,208 type32.exe
1 File(s) 94,208 bytes
Directory of C:\PROGRA~1\VALVE\STEAM\BAK
01/15/2007 05:33 PM 1,269,760 steam.exe
1 File(s) 1,269,760 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
01/12/2005 01:39 AM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK
01/25/2007 06:59 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
11/09/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 Aug 23 2001 "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\backup\ctfmon.exe"
284207 Mar 1 2006 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
3123 Mar 1 2006 "C:\Program Files\Grisoft\AVG7\bak\avgregcl.exe"
94208 Mar 22 2002 "C:\Program Files\Microsoft Hardware\Keyboard\bak\type32.exe"
1269760 Mar 24 2007 "C:\Program Files\Valve\Steam\Steam.exe"
1269760 Jan 15 2007 "C:\Program Files\Valve\Steam\bak\steam.exe"
180269 Jan 12 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar3user.exe"
454724 Sep 16 2005 "C:\Program Files\Google\Google Earth\GoogleEarth.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Jan 25 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
32881 Jun 3 2004 "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"

end of report

0

Sorry for my late reply, I totally missed your post.

Download ATF Cleaner by Atribune and save it to your Desktop.

http://www.atribune.org/ccount/click.php?id=1

Do nothing with it yet.

This file is intended for this user only! Each computer is different and will require a different fix!

Copy the following text inside quote box to a new notepad file
Make sure "wordwrap" is off
Save as file name fix.bat
As file types: All files
Save it to your desktop. Do nothing with it yet.

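@ECHO OFF
REM Move each executable from its bak folder back into the parent folder.
REM Paths that contain spaces must be quoted or move fails.
move /y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"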
move /y "C:\WINDOWS\system32\bak\ctfmon.exe" "C:\WINDOWS\system32"
move /y "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe" "C:\Program Files\Grisoft\AVG7"
move /y "C:\Program Files\Grisoft\AVG7\bak\avgregcl.exe" "C:\Program Files\Grisoft\AVG7"
move /y "C:\Program Files\Microsoft Hardware\Keyboard\bak\type32.exe" "C:\Program Files\Microsoft Hardware\Keyboard"
move /y "C:\Program Files\Valve\Steam\bak\steam.exe" "C:\Program Files\Valve\Steam"
move /y "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" "C:\Program Files\Common Files\Real\Update_OB"
move /y "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462"
move /y "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe" "C:\Program Files\Java\jre1.5.0_10\bin"

Download: ResetProtocolDefaults.reg to your desktop.
http://www.mvps.org/winhelp2002/Rese...olDefaults.reg

Do nothing with it yet.

Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on desktop

Do nothing with it yet.

Boot to SAFE mode:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Locate DelDomains.inf, right click it and choose install
You will see nothing happening except the cursor might go to hourglass a sec.
This will delete any bad trusted domains.


Locate ResetProtocolDefaults.reg
Right click it, select merge, OK the prompt.
This will reset default security zones for IE.

Locate Fix.bat you created earlier and double click it.
A "dos" box will flash up quick and disappear.
This is normal.

Reboot back to normal mode and post both a new hijackthis log and a FindAWF log.
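
How the move lines in a fix.bat like the one above line up with the "bak folders found" section of a FindAWF report, as an added example that is not part of the original posts or of the FindAWF tool. The regexes assume the report layout shown in this thread, the sample is a constructed excerpt in that layout, and the function names are hypothetical; the output uses the 8.3 short paths from the report rather than long paths.

```python
import re
from ntpath import dirname, join  # Windows path rules, whatever OS this runs on

# Constructed sample in the layout of the FindAWF report posted in this thread.
SAMPLE_REPORT = r"""
bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
09/01/2006 04:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes
Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK
03/01/2006 01:10 AM 284,207 avgcc.exe
03/01/2006 01:10 AM 3,123 avgregcl.exe
2 File(s) 287,330 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
"""

DIR_RE = re.compile(r"^Directory of (.+\\bak)$", re.I)
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+)$")
TOTAL_RE = re.compile(r"^(\d+) File\(s\)\s+([\d,]+) bytes$")


def parse_bak_folders(report):
    """Return {bak_dir: [(file_name, size_bytes), ...]} for the bak section."""
    folders, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Duplicate files"):
            break  # the next section is a comparison listing, not a file list
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            folders[current] = []
            continue
        if current is None:
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            folders[current].append((m.group(2), size))
            continue
        m = TOTAL_RE.match(line)
        if m:
            # A pasted log can be truncated or edited: check the folder's own
            # summary line against the entries that were actually parsed.
            count = int(m.group(1))
            total = int(m.group(2).replace(",", ""))
            files = folders[current]
            if count != len(files) or total != sum(s for _, s in files):
                raise ValueError("summary does not match entries for " + current)
            current = None
    return folders


def build_restore_commands(folders):
    """Emit one quoted 'move /y' line per file; empty bak folders emit nothing."""
    commands = []
    for bak_dir, files in folders.items():
        target = dirname(bak_dir)
        for name, _size in files:
            source = join(bak_dir, name)
            # The log is untrusted text that ends up in a script: refuse
            # characters that would break out of the quotes or expand in cmd.
            if '"' in source or "%" in source:
                raise ValueError("unsafe character in path: " + source)
            commands.append('move /y "{}" "{}"'.format(source, target))
    return commands


if __name__ == "__main__":
    print("@ECHO OFF")
    print("\n".join(build_restore_commands(parse_bak_folders(SAMPLE_REPORT))))
```
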
