Author Topic: Screensaver Virus with Bugs Maybe Others  (Read 5599 times)

    SirrahGreed (Topic Starter, Greenhorn)
    Screensaver Virus with Bugs Maybe Others
    « on: June 03, 2008, 08:24:02 AM »
    Screensaver shows bugs eating a retarded jpg file that the desktop pic was changed into, saying I (friend's PC) had spyware. Which ironically is true lol..
    KK, here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:51 AM, on 6/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\vtUolMEu.dll (file missing)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing)
    O20 - Winlogon Notify: __c00845E6 - C:\WINDOWS\system32\__c00845E6.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9227 bytes

    evilfantasy (Malware Removal Specialist, Moderator)
    Re: Screensaver Virus with Bugs Maybe Others
    « Reply #1 on: June 03, 2008, 08:34:56 AM »
    You are infected.

    Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. Following the steps in the Guide will allow for us to quickly help you with specific fixes for what may remain on your system.

    When you have completed those steps post the logs in the Computer Viruses and Spyware forum as outlined in the Please read this thread.

    Thanks - CH Staff

      SirrahGreed (Topic Starter, Greenhorn)
      Re: Screensaver Virus with Bugs Maybe Others
      « Reply #2 on: June 03, 2008, 08:54:24 AM »
      Currently running Malwarebytes; ran SUPERAntiSpyware remover and got AVG running passively.

      evilfantasy (Malware Removal Specialist, Moderator)
      Re: Screensaver Virus with Bugs Maybe Others
      « Reply #3 on: June 03, 2008, 09:10:00 AM »
      Sounds good. Once the logs are posted we will go from there.

        SirrahGreed (Topic Starter, Greenhorn)
        SuperAnti Log
        « Reply #4 on: June 03, 2008, 09:16:53 AM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 06/03/2008 at 10:09 AM

        Application Version : 4.15.1000

        Core Rules Database Version : 3473
        Trace Rules Database Version: 1464

        Scan type       : Quick Scan
        Total Scan Time : 00:26:23

        Memory items scanned      : 495
        Memory threats detected   : 3
        Registry items scanned    : 391
        Registry threats detected : 185
        File items scanned        : 19615
        File threats detected     : 133

        Adware.Vundo Variant/Resident
           C:\WINDOWS\SYSTEM32\YAYVSJDT.DLL
           C:\WINDOWS\SYSTEM32\YAYVSJDT.DLL

        Trojan.Vundo-Variant/Small
           C:\WINDOWS\SYSTEM32\BAYNWBLM.DLL
           C:\WINDOWS\SYSTEM32\BAYNWBLM.DLL
           HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A62B230-32EF-4483-AB2F-AE70143901CB}
           HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}
           HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}\InprocServer32
           HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}\InprocServer32#ThreadingModel
           HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8799a095-949c-44fc-968a-a7b2ad5f826d}
           HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}
           HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}\InprocServer32
           HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}\InprocServer32#ThreadingModel
           C:\WINDOWS\SYSTEM32\GTYLGKRE.DLL
           C:\WINDOWS\SYSTEM32\IIFGGGGE.DLL
           C:\WINDOWS\SYSTEM32\OPNMJYPQ.DLL
           C:\WINDOWS\SYSTEM32\WUSSAVON.DLL
           C:\WINDOWS\SYSTEM32\YAYXYYAA.DLL

        Trojan.Downloader-NewJuan/VM
           C:\WINDOWS\SYSTEM32\ANINQJMM.DLL
           C:\WINDOWS\SYSTEM32\ANINQJMM.DLL

        Trojan.Unclassified/SysRest32
           [sysrest32.exe] C:\WINDOWS\SYSTEM32\SYSREST32.EXE
           C:\WINDOWS\SYSTEM32\SYSREST32.EXE
           C:\WINDOWS\Prefetch\SYSREST32.EXE-2FA2622A.pf

        Adware.Zango/ShoppingReport
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32#ThreadingModel
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\TypeLib
           HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID
           HKCR\ShoppingReport.HbAx
           HKCR\ShoppingReport.HbAx\CLSID
           HKCR\ShoppingReport.HbAx\CurVer
           HKCR\ShoppingReport.HbAx.1
           HKCR\ShoppingReport.HbAx.1\CLSID
           HKCR\ShoppingReport.HbInfoBand
           HKCR\ShoppingReport.HbInfoBand\CLSID
           HKCR\ShoppingReport.HbInfoBand\CurVer
           HKCR\ShoppingReport.HbInfoBand.1
           HKCR\ShoppingReport.HbInfoBand.1\CLSID
           HKCR\ShoppingReport.IEButton
           HKCR\ShoppingReport.IEButton\CLSID
           HKCR\ShoppingReport.IEButton\CurVer
           HKCR\ShoppingReport.IEButton.1
           HKCR\ShoppingReport.IEButton.1\CLSID
           HKCR\ShoppingReport.IEButtonA
           HKCR\ShoppingReport.IEButtonA\CLSID
           HKCR\ShoppingReport.IEButtonA\CurVer
           HKCR\ShoppingReport.IEButtonA.1
           HKCR\ShoppingReport.IEButtonA.1\CLSID
           HKCR\ShoppingReport.RprtCtrl
           HKCR\ShoppingReport.RprtCtrl\CLSID
           HKCR\ShoppingReport.RprtCtrl\CurVer
           HKCR\ShoppingReport.RprtCtrl.1
           HKCR\ShoppingReport.RprtCtrl.1\CLSID
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Control
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32#ThreadingModel
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Programmable
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\TypeLib
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Version
           HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32#ThreadingModel
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\Programmable
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\TypeLib
           HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32#ThreadingModel
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\Programmable
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\TypeLib
           HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
           HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
           HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\FLAGS
           HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR
           HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
           HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
           HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
           HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
           HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
           HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
           HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
           HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
           HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
           HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
           HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
           HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
           HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
           HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
           HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version
           HKU\S-1-5-21-1645522239-162531612-725345543-1004\Software\ShoppingReport
           HKLM\Software\ShoppingReport
           HKLM\Software\ShoppingReport#affid
           HKLM\Software\ShoppingReport#Version
           HKLM\Software\ShoppingReport#ProductName
           HKLM\Software\ShoppingReport#requestor
           HKLM\Software\ShoppingReport#SG_Not_Set
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayIcon
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayName
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#UninstallString
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayVersion
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#URLInfoAbout
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#Publisher
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Default Visible
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ButtonText
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#HotIcon
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Icon
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#CLSID
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ClsidExtension
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
           HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension
           C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
           C:\Program Files\ShoppingReport\Bin\2.5.0
           C:\Program Files\ShoppingReport\Bin
           C:\Program Files\ShoppingReport\Uninst.exe
           C:\Program Files\ShoppingReport
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\Config.xml
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\db\Aliases.dbs
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\db\Sites.dbs
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\db
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\dwld
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\report\aggr_storage.xml
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\report\send_storage.xml
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\report
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs\res1
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport\cs
           C:\Documents and Settings\shandaros\Application Data\ShoppingReport

          SirrahGreed (Topic Starter, Greenhorn)
          superanti part 2
          « Reply #5 on: June 03, 2008, 09:17:17 AM »
          Adware.Tracking Cookie

          Rogue.AdvancedXPDefender
             HKLM\Software\AXPDefender
             HKLM\Software\AXPDefender#MGuid
             HKLM\Software\AXPDefender\AXPDefender
             HKLM\Software\AXPDefender\AXPDefender#RegistrationUrl
             HKLM\Software\AXPDefender\AXPDefender#RegistrationDiscUrl
             HKLM\Software\AXPDefender\AXPDefender#ADVid
             HKLM\Software\AXPDefender\AXPDefender#InstallDir
             HKLM\Software\AXPDefender\AXPDefender#domain
             HKLM\Software\AXPDefender\AXPDefender#SoftID
             HKLM\Software\AXPDefender\AXPDefender#DatabaseVersion
             HKLM\Software\AXPDefender\AXPDefender#ProgramVersion
             HKLM\Software\AXPDefender\AXPDefender#EngineVersion
             HKLM\Software\AXPDefender\AXPDefender#GuiVersion
             HKLM\Software\AXPDefender\AXPDefender#ProxyName
             HKLM\Software\AXPDefender\AXPDefender#ProxyPort
             HKLM\Software\AXPDefender\AXPDefender#ScanPriority
             HKLM\Software\AXPDefender\AXPDefender#DaysInterval
             HKLM\Software\AXPDefender\AXPDefender#ScanDepth
             HKLM\Software\AXPDefender\AXPDefender#ScanSystemOnStartup
             HKLM\Software\AXPDefender\AXPDefender#AutomaticallyUpdates
             HKLM\Software\AXPDefender\AXPDefender#MinimizeOnStart
             HKLM\Software\AXPDefender\AXPDefender#BackgroundScan
             HKLM\Software\AXPDefender\AXPDefender#BackgroundScanTimeout
             HKLM\Software\AXPDefender\AXPDefender#InstallationID
             HKLM\Software\AXPDefender\AXPDefender#LastTimeStamp
             HKLM\Software\AXPDefender\AXPDefender#LastUpdateDate
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine\Packages
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender\Quarantine
             C:\Documents and Settings\shandaros\Application Data\AXPDefender\AXPDefender
             C:\Documents and Settings\shandaros\Application Data\AXPDefender

          Rogue.AdvancedXPFixer
             HKLM\Software\AXPFixer
             HKLM\Software\AXPFixer#MGuid
             HKLM\Software\AXPFixer\AXPFixer
             HKLM\Software\AXPFixer\AXPFixer#RegistrationUrl
             HKLM\Software\AXPFixer\AXPFixer#RegistrationDiscUrl
             HKLM\Software\AXPFixer\AXPFixer#ADVid
             HKLM\Software\AXPFixer\AXPFixer#InstallDir
             HKLM\Software\AXPFixer\AXPFixer#domain
             HKLM\Software\AXPFixer\AXPFixer#SoftID
             HKLM\Software\AXPFixer\AXPFixer#DatabaseVersion
             HKLM\Software\AXPFixer\AXPFixer#ProgramVersion
             HKLM\Software\AXPFixer\AXPFixer#EngineVersion
             HKLM\Software\AXPFixer\AXPFixer#GuiVersion
             HKLM\Software\AXPFixer\AXPFixer#ProxyName
             HKLM\Software\AXPFixer\AXPFixer#ProxyPort
             HKLM\Software\AXPFixer\AXPFixer#ScanPriority
             HKLM\Software\AXPFixer\AXPFixer#DaysInterval
             HKLM\Software\AXPFixer\AXPFixer#ScanDepth
             HKLM\Software\AXPFixer\AXPFixer#ScanSystemOnStartup
             HKLM\Software\AXPFixer\AXPFixer#AutomaticallyUpdates
             HKLM\Software\AXPFixer\AXPFixer#MinimizeOnStart
             HKLM\Software\AXPFixer\AXPFixer#BackgroundScan
             HKLM\Software\AXPFixer\AXPFixer#BackgroundScanTimeout
             HKLM\Software\AXPFixer\AXPFixer#InstallationID
             HKLM\Software\AXPFixer\AXPFixer#LastTimeStamp
             HKLM\Software\AXPFixer\AXPFixer#LastUpdateDate
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine\Packages
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer\Quarantine
             C:\Documents and Settings\shandaros\Application Data\AXPFixer\AXPFixer
             C:\Documents and Settings\shandaros\Application Data\AXPFixer

          Adware.Vundo Variant/Rel
             HKLM\SOFTWARE\Microsoft\aoprndtws
             HKLM\SOFTWARE\Microsoft\FCOVM
             HKLM\SOFTWARE\Microsoft\RemoveRP
             HKU\S-1-5-21-1645522239-162531612-725345543-1004\Software\Microsoft\rdfa

          Trojan.Unclassified/WinBx
             C:\DOCUMENTS AND SETTINGS\NEAL CHAPMAN\LOCAL SETTINGS\TEMP\SETUP_J22Q5.EXE

          Trojan.Unknown Origin
             C:\WINDOWS\SYSTEM32\CTFMONB.BMP

          Trojan.Downloader-Gen/Multi
             C:\WINDOWS\SYSTEM32\~.EXE


          SirrahGreed

            Topic Starter


            Greenhorn

            Re: Screensaver Virus with Bugs Maybe Others
            « Reply #6 on: June 03, 2008, 09:54:22 AM »
            Malware scan sure is time consuming; only 30 GB used on this HD and it's taken over an hour. Glad this is MY PC lol.

            160,000 files
            1.5 hours and counting, PC is only 1300 GHz single core, kinda got some age on it.
            « Last Edit: June 03, 2008, 10:16:38 AM by SirrahGreed »

            SirrahGreed

              Topic Starter


              Greenhorn

              Re: Screensaver Virus with Bugs Maybe Others
              « Reply #7 on: June 03, 2008, 10:47:21 AM »
              Malware log; after reboot I ran HJT and am posting the log again now. All attached.

              [recovering space - attachment deleted by admin]

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Screensaver Virus with Bugs Maybe Others
              « Reply #8 on: June 03, 2008, 10:59:36 AM »
              Looks good so far.

              You have Viewpoint installed.

              Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". See Viewpoint to Plunge Into Adware.

              It is suggested to remove the program now.
              Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
              • Viewpoint
              • Viewpoint Manager
              • Viewpoint Media Player
              • Viewpoint Toolbar
              • Viewpoint Experience Technology
              If you have trouble removing Viewpoint, I suggest that you use ViewpointKiller

              Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop.
              Run ViewpointKiller, and select File > Do All Killings
              Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.

              ----------

              Open Hijackthis and select Do a system scan only.

              Place a check mark next to the following entries: (if there)

              - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
              - O20 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing)


              Important: Close all windows except for Hijackthis and then click Fix checked.

              Exit Hijackthis.

              ----------

              Run CCleaner.

              How is everything now?

              SirrahGreed

                Topic Starter


                Greenhorn

                Re: Screensaver Virus with Bugs Maybe Others
                « Reply #9 on: June 03, 2008, 01:05:12 PM »
                Will be back at the PC (belongs to a friend) and will continue with your last advice in about 24 hours from this post. <3 thx for everything up til now

                SirrahGreed

                  Topic Starter


                  Greenhorn

                  Re: Screensaver Virus with Bugs Maybe Others
                  « Reply #10 on: June 04, 2008, 06:17:27 PM »
                  Am using a different login user this time. Here is an HJT log after I removed the 2 files you advised, and I am about to run Superanti again for a quick search on this alt user.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 8:16:25 PM, on 6/4/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                  C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
                  C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                  R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
                  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
                  R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                  O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
                  O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
                  O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
                  O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                  O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
                  O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
                  O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
                  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS
                  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                  O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
                  O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
                  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
                  O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

                  --
                  End of file - 9309 bytes

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Screensaver Virus with Bugs Maybe Others
                  « Reply #11 on: June 04, 2008, 06:23:32 PM »
                  Open Hijackthis and select Do a system scan only.

                  Place a check mark next to the following entries: (if there)

                  - R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
                  - O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
                  - O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS


                  Important: Close all windows except for Hijackthis and then click Fix checked.

                  Exit Hijackthis.

                  ----------

                  Create An Uninstall List
                  • Start HijackThis
                  • Click on the Open the Misc Tools section
                  • Click on the Open Uninstall Manager button.
                  • Click on the Save list button and specify where you would like to save this file and click Save.
                    • When you press the Save button, a Notepad window will open with the contents of that file.
                  • Copy and paste that list in your reply.

                  SirrahGreed

                    Topic Starter


                    Greenhorn

                    Re: Screensaver Virus with Bugs Maybe Others
                    « Reply #12 on: June 04, 2008, 06:56:52 PM »
                    kk thx again man, could not find the HKCU-weather.exe one, but removed the other 2 plus one for ctmond? or w/e that was changing the backdrop + one for AOL toolbar, which this PC shouldn't even have.

                    NEW HJT LOG

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 8:55:37 PM, on 6/4/2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                    C:\WINDOWS\system32\HPZipm12.exe
                    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\wscntfy.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
                    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                    C:\WINDOWS\system32\notepad.exe
                    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
                    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
                    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
                    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
                    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
                    O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Haley')
                    O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Haley')
                    O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Haley')
                    O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [A00F5467D96.exe] C:\DOCUME~1\Haley\LOCALS~1\Temp\_A00F5467D96.exe (User 'Haley')
                    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                    O4 - S-1-5-21-1645522239-162531612-725345543-1010 Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
                    O4 - S-1-5-21-1645522239-162531612-725345543-1010 User Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
                    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
                    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
                    O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
                    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
                    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
                    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

                    --
                    End of file - 9737 bytes
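The O16 (DPF, downloaded ActiveX controls), O20 (Winlogon Notify DLLs) and O23 (services) lines above are the ones a malware-removal helper reads first, and the same fields recur on every line of a section. The following Python is an added example, not part of this thread and not HijackThis code: it parses those sections into records and prints the review notes a helper would typically make (services with no vendor name, DPF controls fetched from a non-Microsoft host, every Winlogon Notify DLL). The sample lines are copied from the log posted above; the `TRUSTED_DPF_DOMAINS` allowlist is an assumption made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Sample input for the example: a few lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Hosts accepted as a source of downloaded (DPF) ActiveX controls.
# This allowlist is an assumption for the example, not a HijackThis setting.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com")

CLSID_RE = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"


@dataclass
class HjtEntry:
    section: str                                   # e.g. "O16", "O23"
    fields: Dict[str, str] = field(default_factory=dict)
    raw: str = ""


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; returns None for lines that are not O-section entries."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    e = HjtEntry(section=section, raw=line.strip())
    if section == "O16":
        dm = re.match(rf"DPF: ({CLSID_RE}) \((.*?)\) - (\S+)$", rest)
        if dm:
            e.fields = {"clsid": dm.group(1), "name": dm.group(2), "url": dm.group(3)}
    elif section == "O23":
        # "Service: <name> - <owner> - <path>"; rsplit keeps any " - " inside the name intact
        parts = rest[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            e.fields = {"name": parts[0], "owner": parts[1], "path": parts[2]}
    elif section == "O20":
        parts = rest[len("Winlogon Notify: "):].split(" - ", 1)
        if len(parts) == 2:
            e.fields = {"name": parts[0], "path": parts[1]}
    elif section == "O9":
        om = re.match(rf"Extra (.+?): (.+?) - ({CLSID_RE}) - (.+)$", rest)
        if om:
            e.fields = {"kind": om.group(1), "name": om.group(2),
                        "clsid": om.group(3), "path": om.group(4)}
    return e


def parse_hjt(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def _trusted_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage(entries: List[HjtEntry]) -> List[str]:
    """Return review notes for the entries a malware-removal helper would check first."""
    notes = []
    for e in entries:
        f = e.fields
        if e.section == "O23" and f.get("owner") == "Unknown owner":
            notes.append(f"O23 service '{f['name']}' has no vendor name; verify {f['path']}")
        elif e.section == "O16" and "url" in f and not _trusted_host(f["url"]):
            notes.append(f"O16 control '{f['name']}' was downloaded from {urlparse(f['url']).hostname}")
        elif e.section == "O20" and "path" in f:
            notes.append(f"O20 Winlogon Notify DLL '{f['name']}' loads into winlogon; confirm {f['path']}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_hjt(SAMPLE_LOG)):
        print(note)
```

On the sample above this flags the ATI Smart service (no owner), the StreamPlug control (third-party host) and the SUPERAntiSpyware Winlogon DLL, and leaves the Microsoft-hosted WGA control and the AVG service alone; a flag is a prompt to verify the file, not a verdict, which is the same reading discipline the helpers in this thread apply by hand.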


                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator
                    Re: Screensaver Virus with Bugs Maybe Others
                    « Reply #13 on: June 04, 2008, 07:07:56 PM »
                    I needed an uninstall list.

                    Create An Uninstall List
                    • Start HijackThis
                    • Click on the Open the Misc Tools section
                    • Click on the Open Uninstall Manager button.
                    • Click on the Save list button and specify where you would like to save this file and click Save.
                      • When you press the Save button, Notepad will open with the contents of that file.
                    • Copy and paste that list in your reply.