salma

Logfile of HijackThis

11 posts in this topic

:unsure:

This is the Logfile of HijackThis. I need to know if I have a problem and how to avoid/solve it?

 

Logfile of HijackThis v1.99.1

Scan saved at 06:20:16 م, on 22/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWXP\System32\smss.exe

C:\WINDOWXP\system32\csrss.exe

C:\WINDOWXP\system32\winlogon.exe

C:\WINDOWXP\system32\services.exe

C:\WINDOWXP\system32\lsass.exe

C:\WINDOWXP\system32\Ati2evxx.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\System32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

C:\WINDOWXP\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWXP\System32\alg.exe

C:\WINDOWXP\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWXP\AGRSMMSG.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\PROGRA~1\EzButton\CPLDFL10.EXE

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Athan\Athan.exe

C:\Program Files\Winferno\Secure IE\SIEPulse.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWXP\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWXP\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Golden Al-Wafi Translator\Golden Al-Wafi Translator.exe

C:\WINDOWXP\speech\vcmd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\MOE\Local Settings\Temporary Internet Files\Content.IE5T0LE7K5\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [CPLDFL10] C:\PROGRA~1\EzButton\CPLDFL10.EXE

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\face ooze.exe

O4 - HKLM\..\Run: [sIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [readmedead] C:\DOCUME~1\MOE\APPLIC~1\GRIDWI~1\bonesitetwo.exe

O4 - HKCU\..\Run: [superAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages

O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages

O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.bahrainstock.com

O15 - Trusted Zone: *.edu.bh

O15 - Trusted Zone: en.wikipedia.org

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193999091015

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWXP\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWXP\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.

Then I'll take a look. :)

NoLop! Log by Skate_Punk_21

 

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

 

Fix running from: C:\Documents and Settings\MOE\Desktop

[03/01/2008]

[12:24:57 ص]

 

---Infection Files Found/Removed---

C:\WINDOWXP\tasks\B79753659B34D141.job

 

Beginning Removal...

Rebooting...

 

Beginning Removal...

Rebooting...

 

Beginning Removal...

Rebooting...

Removing Lop's Leftover Files/Folders...

Editing Registry...

**Fix Complete!**

 

---Listing AppData sub directories---

 

C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol

C:\Documents and Settings\All Users\Application Data\Adobe

C:\Documents and Settings\All Users\Application Data\Avg7

C:\Documents and Settings\All Users\Application Data\Grisoft

C:\Documents and Settings\All Users\Application Data\Messenger Plus!

C:\Documents and Settings\All Users\Application Data\Microsoft

C:\Documents and Settings\All Users\Application Data\Microsoft Help

C:\Documents and Settings\All Users\Application Data\Preemptive Solutions

C:\Documents and Settings\All Users\Application Data\Symantec

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory

C:\Documents and Settings\Localservice\Application Data\Microsoft

C:\Documents and Settings\Moe\Application Data\Adobe

C:\Documents and Settings\Moe\Application Data\Adobeum -- EMPTY Directory

C:\Documents and Settings\Moe\Application Data\Ahead

C:\Documents and Settings\Moe\Application Data\Avg7

C:\Documents and Settings\Moe\Application Data\Grid Wipe

C:\Documents and Settings\Moe\Application Data\Help -- EMPTY Directory

C:\Documents and Settings\Moe\Application Data\Identities

C:\Documents and Settings\Moe\Application Data\Macromedia

C:\Documents and Settings\Moe\Application Data\Microsoft

C:\Documents and Settings\Moe\Application Data\Popupcop

C:\Documents and Settings\Moe\Application Data\Real

C:\Documents and Settings\Moe\Application Data\Secureie2004

C:\Documents and Settings\Moe\Application Data\Superadblocker.com

C:\Documents and Settings\Moe\Application Data\Symantec

C:\Documents and Settings\Moe\Application Data\Tuneup Software

C:\Documents and Settings\Moe\Application Data\Winrar -- EMPTY Directory

C:\Documents and Settings\Networkservice\Application Data\Microsoft

C:\Documents and Settings\Networkservice\Application Data\Symantec


Please can you reply to me as soon as possible, 'cause I have a Senior Project & I need the PC with no problems.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:12 ص, on 03/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWXP\System32\smss.exe

C:\WINDOWXP\system32\csrss.exe

C:\WINDOWXP\system32\winlogon.exe

C:\WINDOWXP\system32\services.exe

C:\WINDOWXP\system32\lsass.exe

C:\WINDOWXP\system32\Ati2evxx.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\System32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

C:\WINDOWXP\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWXP\System32\alg.exe

C:\WINDOWXP\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWXP\AGRSMMSG.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\PROGRA~1\EzButton\CPLDFL10.EXE

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Athan\Athan.exe

C:\Program Files\Winferno\Secure IE\SIEPulse.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWXP\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

C:\WINDOWXP\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWXP\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [CPLDFL10] C:\PROGRA~1\EzButton\CPLDFL10.EXE

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

O4 - HKLM\..\Run: [sIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\Idol Admin.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [readmedead] C:\DOCUME~1\MOE\APPLIC~1\GRIDWI~1\bonesitetwo.exe

O4 - HKCU\..\Run: [superAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages

O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages

O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.bahrainstock.com

O15 - Trusted Zone: *.cliffsnotes.com

O15 - Trusted Zone: *.edu.bh

O15 - Trusted Zone: *.uob.bh

O15 - Trusted Zone: en.wikipedia.org

O15 - Trusted Zone: *.wordpress.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193999091015

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWXP\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

 

--

End of file - 8695 bytes


Hi,

 

* Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Where it says "Paste List of Files/Folders to be Moved", copy and paste the following bold part into that window:
     
    C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol
    C:\WINDOWXP\tasks\B79753659B34D141.job
    C:\Documents and Settings\Moe\Application Data\Grid Wipe
     
     
     
  • Then click the red Moveit! button below.
  • Close OTMoveIt

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. Then it will reboot your computer.

Even if OTMoveIt didn't ask to reboot your computer, reboot anyway, since moved files may still be in use.

 

Then, after reboot,

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\Idol Admin.exe

O4 - HKCU\..\Run: [readmedead] C:\DOCUME~1\MOE\APPLIC~1\GRIDWI~1\bonesitetwo.exe

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Then go to the following folder: C:\_OTMoveIt\MovedFiles, find the log ********_******.log (the * stands for date and time), and post its contents in your next reply together with a new HijackThis log.

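The four entries selected for "Fix Checked" above share three visible traits: an empty ProxyServer value, a BHO whose DLL is "(no file)", and Run keys that start programs from Application Data. The following Python script is an added example, not part of the original thread and not the helper's own method: it parses HijackThis entry lines, applies those three traits as review heuristics (an assumption inferred from the selected entries), and checks a follow-up log to confirm the flagged entries are gone. All function names are hypothetical; the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Entries excerpted from the HijackThis v2.0.2 log posted before the fix.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\Idol Admin.exe
O4 - HKCU\..\Run: [readmedead] C:\DOCUME~1\MOE\APPLIC~1\GRIDWI~1\bonesitetwo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWXP\system32\Ati2evxx.exe
"""

# Entries excerpted from the follow-up log posted after the fix.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWXP\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^\S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # "HKLM\..\Run: [name] cmd"
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>.*)$")


def parse_entries(text):
    """Return (code, body) per entry line; header lines and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned_bho(code, body):
    # The registry still lists the browser helper object, but its DLL is gone.
    if code == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its DLL no longer exists"
    return None


def autorun_from_appdata(code, body):
    # Review heuristic, not proof of malice: autostart target under a profile's
    # Application Data folder (long name or 8.3 short name).
    m = RUN_RE.match(body) if code == "O4" else None
    if not m:
        return None
    cmd = m.group("cmd").lower()
    if "\\application data\\" in cmd or "\\applic~1\\" in cmd:
        return "Run key '%s' starts a program from Application Data" % m.group("name")
    return None


def proxy_without_host(code, body):
    # A ProxyServer value of ":" (or empty) names no host.
    m = PROXY_RE.search(body) if code == "R1" else None
    if m and m.group("value").strip(" :") == "":
        return "ProxyServer value names no host"
    return None


RULES = (orphaned_bho, autorun_from_appdata, proxy_without_host)


def triage(text):
    """Return (entry_line, reason) for every entry matched by a rule."""
    findings = []
    for code, body in parse_entries(text):
        for rule in RULES:
            reason = rule(code, body)
            if reason:
                findings.append(("%s - %s" % (code, body), reason))
    return findings


def still_present(findings, followup_text):
    """Return flagged entry lines that also appear in a later log."""
    remaining = {"%s - %s" % entry for entry in parse_entries(followup_text)}
    return [line for line, _ in findings if line in remaining]


if __name__ == "__main__":
    found = triage(BEFORE)
    for line, reason in found:
        print(reason, "->", line)
    print("still present after fix:", still_present(found, AFTER))
```
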
This is the Moved file

C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol moved successfully.

File/Folder C:\WINDOWXP\tasks\B79753659B34D141.job not found.

C:\Documents and Settings\Moe\Application Data\Grid Wipe moved successfully.

 

Created on 01032008_140925

 

 

This is the new Log File

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:29:38 م, on 03/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWXP\System32\smss.exe

C:\WINDOWXP\system32\winlogon.exe

C:\WINDOWXP\system32\services.exe

C:\WINDOWXP\system32\lsass.exe

C:\WINDOWXP\system32\Ati2evxx.exe

C:\WINDOWXP\system32\svchost.exe

C:\WINDOWXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

C:\WINDOWXP\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWXP\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWXP\AGRSMMSG.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\PROGRA~1\EzButton\CPLDFL10.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Athan\Athan.exe

C:\Program Files\Winferno\Secure IE\SIEPulse.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWXP\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWXP\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [CPLDFL10] C:\PROGRA~1\EzButton\CPLDFL10.EXE

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

O4 - HKLM\..\Run: [sIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages

O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages

O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.bahrainstock.com

O15 - Trusted Zone: *.cliffsnotes.com

O15 - Trusted Zone: *.edu.bh

O15 - Trusted Zone: *.uob.bh

O15 - Trusted Zone: en.wikipedia.org

O15 - Trusted Zone: *.wordpress.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193999091015

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWXP\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

 

--

End of file - 7724 bytes


Hi,

This looks OK again.

How are things now? CiD popups gone?


It seems it's OK, but I don't know what will happen after several days/hours. :thumbup:

Thanks a lot


It should be gone, since we deleted the related folders and file; it has no loading point anymore anyway :)

* Open OTMoveIt and click the CleanUp! button on top.

In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup, plus backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.

Do not edit anything in that window!

Don't worry if it displays some tools you didn't download/use.

Click Yes when it asks to Begin cleanup process.

Then reboot your computer.

 

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

 

Happy Surfing again!


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
