Hijackthis Log 1

[MarkZK]

Hi all,

for those of you in the know, could you tell me if this log looks clean from adware/spyware/malware/scumware.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Thompson\Local Settings\Temporary Internet Files\Content.IE5\C1ZJ4TU7\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL unfurl="true"]http://www.aol.co.uk/[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL unfurl="true"]http://www.supanet.com/search/iepanel/[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Supanet Internet Explorer
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
O8 - Extra context menu item: &Search - [URL unfurl="true"]http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AZGB_ZNxdm461AXGB[/URL]
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: Bingo Luau by pogo - [URL unfurl="true"]http://game3.pogo.com/v/9.0.1.7/applet/freebingo/freebingo-en_US.cab[/URL]
O16 - DPF: Tri-Peaks by pogo - [URL unfurl="true"]http://game3.pogo.com/v/9.0.3.5/applet/peaks/peaks-en_US.cab[/URL]
O16 - DPF: World Class Solitaire by pogo - [URL unfurl="true"]http://game1.pogo.com/applet-6.8.2.23/worldclass/worldclass-en_GB.cab[/URL]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [URL unfurl="true"]http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab[/URL]
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - [URL unfurl="true"]https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab[/URL]
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - [URL unfurl="true"]http://www.silvercrk.com/php/hwhearts_scecab_195.93.21.2.14297110968999664_7232155.cab[/URL]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [URL unfurl="true"]http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab[/URL]
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [URL unfurl="true"]http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[/URL]
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - [URL unfurl="true"]http://www.couponreport.net/ftp/v3123/csauie1.cab[/URL]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [URL unfurl="true"]http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab[/URL]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [URL unfurl="true"]http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab[/URL]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [URL unfurl="true"]http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[/URL]
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - [URL unfurl="true"]http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab[/URL]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [URL unfurl="true"]http://messenger.msn.com/download/msnmessengersetupdownloader.cab[/URL]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [URL unfurl="true"]http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab[/URL]
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - [URL unfurl="true"]http://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab[/URL]
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [URL unfurl="true"]http://game18.zylomgames.com/activex/zylomgamesplayer.cab[/URL]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [URL unfurl="true"]https://www-secure.symantec.com/techsupp/asa/SymAData.cab[/URL]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - [URL unfurl="true"]http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab[/URL]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [URL unfurl="true"]http://chat.msn.com/controls/msnchat45.cab[/URL]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6D2545F-3324-468C-99D1-B9EFBE62124A}: NameServer = 62.24.128.17,62.24.199.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

Thanks all

 

[kjv1611]

Well, if nothing else, I think that machine is overladen with toolbars. I know at least 2 or 3 of them are legit, but why in the world have so many stinking toolbars in IE?

I'd uninstall them if they are not necessary - or at least remove all but one.

From my personal experience, I didn't care too much for the AVG toolbar. To me, it seemed more like it was an advertisement thing for their "pro" suites than any real help.

Didn't have time to look in depth, though. hopefully someone else will soon...

--

"If to err is human, then I must be some kind of human!" -Me

 

[MarkZK]

I believe me, I wouldn't, I'm just trying to help someone out, there's no way I'd have anything "AOL" on my P.C either.

I'm getting them to use FF too

 

[BadBigBen]

for one get him/her to do a scan with log (with the version number) from the DESKTOP instead of the TEMP folder and when they are not on the internet...

these need fixing:

O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AZGB_ZNxdm461AXGB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSe

tup1.0.0.15.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} -

http://www.silvercrk.com/php/hwhearts_scecab_195.93.21.2.14297110968999664_72321

55.cab

in my opinion: all the O16 - DPF: entries should go, though some are legit...

e.g. are the only TWO DPF entries on my system, and they are from the Windows Update website!
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201196007031

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201197559890

ok, now waiting on a new LOG... and possible description of problem...

PS: also DO scans with SpyBot S&D, AdAware, SuperAntiSpyware, etc. and do two or more AntiViral scans...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

 

[MarkZK]

Hi Ben, thanks for that, they're offline right now, but I'll get them to do that, as for the scans, the reason I've asked here is because while scanning with Adaware (even in safemode) it freezes up and has to be closed in taskmanager.

I'll get back to you,

Thanks again.

 

[wahnula]

For future reference, there's an automated HijackThis analysis tool here

While it's not as good as an expert's eyes, it definitely can give you an outline of what's known to be bad...and you have several entries.

BTW, I've had instances of spyware that were, well, aware of Adaware and also locked up a perfectly good machine during Adaware scans. And another that would not let me run SpyBot S&D.

Tony

Users helping Users...

 

[kjv1611]

Here's a thought. If this person is online enough, and doesn't know much about PC stuff, then they could simply run a scan here:

http://housecall65.trendmicro.com

That will scan for every sort of malware. Not that it is necessarily the best, but it does seem to work quite well. The only downside is that I've heard of it giving false positives, which it seems most of the "good" ones seem to do at least a few of those nowadays. There are just too many programs out there.

--

"If to err is human, then I must be some kind of human!" -Me

 

[MarkZK]

Hi all,

thanks for the links, I'll pass them on.

the log as it stands now is..

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL unfurl="true"]http://www.tiny.com[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL unfurl="true"]http://www.supanet.com/search/iepanel/[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [URL unfurl="true"]http://go.microsoft.com/fwlink/?LinkId=74005[/URL]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Supanet Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6D2545F-3324-468C-99D1-B9EFBE62124A}: NameServer = 62.24.128.17,62.24.199.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

still freezing up on the scan, apparently always while scanning a class id, "clsid\{ don't know the reference".

it started after doing an update though, I was thinking of getting them to remove adaware and reinstall it again. not sure if it'll work but they're not getting any annoying popups or anything now. just the scan stopping.

Thanks again all.

 

[BadBigBen]

It's still without version number, so I can't tell if they are using the latest version or one of the earlier ones, of HJT...

but these can go:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

besides that the log is clean...

as for the freezing, yes get them to uninstall the app and then reinstall it, it can't hurt...


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

 

[MarkZK]

hi Ben,

sorry that was my fault, somehow missed the top few lines in notepad, they were both "Logfile of Trend Micro HijackThis v2.0.2".

I'll get them to remove those two and reinstall and see how it goes, thanks for your help and time.

 

[BadBigBen]

Thanks for posting back, and I see it is the latest version...

no problem about helping out, that is what I am here for...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."