Pete

Everything posted by Pete

  1. Here is the hijack log:
     Logfile of HiJackFree v3.0
     Scan saved at 10:03:20 PM, on 10/1/2009
     Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
     MSIE: Internet Explorer v 8.0 Service Pack 3 (8.0.6001.18702)
  2. Here is today's deep scan of a-squared:
     a-squared Free - Version 4.5
     Last update: 10/1/2009 9:50:17 PM
     Scan settings:
     Scan type: Deep Scan
     Objects: Memory, Traces, Cookies, C:\
     Scan archives: On
     Heuristics: Off
     ADS Scan: On
     Scan start: 10/2/2009 2:50:44 PM
     Scanned
     Files: 219320
     Traces: 680786
     Cookies: 10
     Processes: 32
     Found
     Files: 0
     Traces: 0
     Cookies: 0
     Processes: 0
     Registry keys: 0
     Scan end: 10/2/2009 4:18:30 PM
     Scan time: 1:27:46
  3. Here is the first scan that told me I had something:
     a-squared Free - Version 4.5
     Last update: 10/1/2009 6:58:01 PM
     Scan settings:
     Scan type: Deep Scan
     Objects: Memory, Traces, Cookies, C:\
     Scan archives: On
     Heuristics: Off
     ADS Scan: On
     Scan start: 10/1/2009 6:58:32 PM
     c:\inetpub detected: Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot detected: Trace.Directory.intrafoundation.com!A2
     Scanned
     Files: 218983
     Traces: 680786
     Cookies: 5
     Processes: 31
     Found
     Files: 0
     Traces: 2
     Cookies: 0
     Processes: 0
     Registry keys: 0
     Scan end: 10/1/2009 8:26:33 PM
     Scan time: 1:28:01
     c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2
     Quarantined
     Files: 0
     Traces: 4
     Cookies: 0
  4. I started to download the programs in the link you sent me, but my antivirus flagged a bunch of them, including ISeeYouXP, as a worm and blocked them. I used the sites that are in the post.
  5. I ran a scan and got this intrafoundation.com!A2 caught by a-squared. I tried to quarantine it but I got this message: you cannot delete c:\inetpub go to the forums for help from the experts to remove this manually. Here is my scan log.
     a-squared Free - Version 4.5
     Last update: 10/1/2009 6:58:01 PM
     Scan settings:
     Scan type: Deep Scan
     Objects: Memory, Traces, Cookies, C:\
     Scan archives: On
     Heuristics: Off
     ADS Scan: On
     Scan start: 10/1/2009 6:58:32 PM
     c:\inetpub detected: Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot detected: Trace.Directory.intrafoundation.com!A2
     Scanned
     Files: 218983
     Traces: 680786
     Cookies: 5
     Processes: 31
     Found
     Files: 0
     Traces: 2
     Cookies: 0
     Processes: 0
     Registry keys: 0
     Scan end: 10/1/2009 8:26:33 PM
     Scan time: 1:28:01
     c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
     c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2
     Quarantined
     Files: 0
     Traces: 4
     Cookies: 0
     What and where do I go from here?