Something is going on?

Discussion in 'Malware and Virus Removal Archive' started by jennmay, 2007/03/15.

Thread Status:
Not open for further replies.
  1. 2007/03/15
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    I don't know what is going on but for some reason I keep getting this icon that pops up on my desktop. It is a pair of woman's ta tas and I delete it and it keeps coming back. I get knocked offline frequently now and that's when it appears. I don't visit **** sites so I don't know what this is. Can anyone help?

    I did download HijackThis; I've seen people talking about it. Here is my report. I'm not too computer savvy so bear with me. TIA to anyone who may be able to help me.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:59:19 AM, on 3/15/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Toddler Keys\Toddler Keys.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: Toddler Keys.lnk = C:\Program Files\Toddler Keys\Toddler Keys.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137816095796
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9536FD90-2AF3-4BA2-81A0-C0A656A75531}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  2. 2007/03/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS jennmay:)

    I'd like to take a closer look at some registry keys that may be hiding something from HijackThis. Please download getlogXP.exe from the link below, saving it to your desktop. It is a self-extracting zip file that contains a simple batch file to export some registry keys.

    http://noahdfear.geekstogo.com/getlogXP.exe

    Double click it, then click start to extract the file to its own folder on the desktop. Open the folder and double click the GetLogXP.bat file. It will open a log file when complete. Please post the contents of that log here.
     

  4. 2007/03/16
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    I did do what you said but when I click the folder on the log file there is nothing in there to copy and show you, it is just empty notepad that opens up.
     
  5. 2007/03/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No problem jennmay. Please download temp.zip from the link below, saving it to your desktop.

    http://noahdfear.geekstogo.com/temp.zip

    Extract the temp.bat file inside and double click it to run. It will create temp.txt on your desktop. Please post the contents of that log.
     
  6. 2007/03/16
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    Ok I hope this is right..

    Volume in drive C has no label.
    Volume Serial Number is B4CD-C41A

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

    04/14/2006 08:09a 5,639,608 2.exe
    06/28/2005 02:23p 768,000 exec.exe
    06/20/2005 01:24p 126,022 GLF121GLF121.EXE
    10/27/2005 07:35a 36,864 install_Paltalk.exe
    01/25/2007 04:33p 25,088 instWrap.exe
    06/22/2005 11:04p 20,480 PleaseWait.exe
    01/25/2007 10:05a 2,396,624 pprtrdnd.exe
    7 File(s) 9,012,686 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp

    09/02/2004 04:17p 242,907 setup.exe
    1 File(s) 242,907 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD2.tmp

    09/02/2004 04:17p 242,907 setup.exe
    1 File(s) 242,907 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD3.tmp

    09/02/2004 04:17p 242,907 setup.exe
    1 File(s) 242,907 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8N8IG46V

    02/02/2007 09:12p 487,741 ppclean[1].exe
    1 File(s) 487,741 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~rnsetu0

    03/13/2007 01:07a 25,088 .g2cln.exe
    1 File(s) 25,088 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~rnsetu0\FREE

    03/13/2007 01:07a 26,112 realplay.exe
    1 File(s) 26,112 bytes

    Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~rnsetu0\UPDATE

    03/13/2007 01:07a 90,624 rnuninst.exe
    03/13/2007 01:07a 84,480 upgrdhlp.exe
    2 File(s) 175,104 bytes

    Total Files Listed:
    15 File(s) 10,455,452 bytes
    0 Dir(s) 6,722,162,688 bytes free
     
  7. 2007/03/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thank you. Please download temp2.exe

    http://noahdfear.geekstogo.com/temp2.exe

    Save to the desktop, double click then click Start to extract the files to a temp2 folder. Open and double click the temp2.bat, then post the contents of the temp2.txt it creates.
     
  8. 2007/03/16
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    No matches found.

    That is all it says:confused:
     
  9. 2007/03/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm....so far I see nothing on your comp similar to the other AxFree victims here. Please download FindAWF from the link below, saving to the desktop.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Double click it to run and follow the prompts. Please post the contents of the AWF.txt log it creates.

    I'll check it tomorrow evening.
     
  10. 2007/03/17
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    Ok..Thank You for helping..When I first started having this problem I did install the AVG Anti-Spyware as suggested by most. So I think it might have cleaned it out so just checking to make sure I am clean and free. It also was listed in my internet tools under connections under dialers and I deleted that. If that's the case that I'm clean then ---thanks for having a great board for help for someone like me that just is not all that computer savvy. Can you suggest some good virus protection as well?

    Find AWF report by noahdfear ©2006


    bak folders found*
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\NZSEARCH\BAK

    07/11/2006 01:00a 311,362 nzspc.exe
    1 File(s) 311,362 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    04/04/2005 05:03p 98,304 qttask.exe
    1 File(s) 98,304 bytes

    Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

    08/27/2003 10:00a 245,760 mcagent.exe
    08/21/2003 05:10p 180,224 mcupdate.exe
    2 File(s) 425,984 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    04/04/2005 05:01p 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

    09/07/2006 07:56a 144,448 RoboTaskBarIcon.exe
    1 File(s) 144,448 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    311362 Jul 11 2006 "C:\Program Files\NZSearch\bak\nzspc.exe"
    98304 Apr 4 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
    245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
    180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
    26112 Mar 13 2007 "C:\Program Files\Real\RealPlayer\realplay.exe"
    26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
    26112 Mar 13 2007 "C:\Documents and Settings\Administrator\Local Settings\Temp\~rnsetu0\FREE\realplay.exe"
    144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"


    end of report
     
  11. 2007/03/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please note that these instructions are tailored to this user's machine. They are not intended to be used on anyone else's.

    Scan again with HijackThis and place a check next to the following entries, then click Fix Checked.

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    Close HijackThis

    Please upload the following file here http://www.bleepingcomputer.com/submit-malware.php?channel=22
    C:\Program Files\Real\RealPlayer\realplay.exe

    Then open Task Manager to the Processes tab and End Process on realplay.exe if it's running.
    Now delete the file C:\Program Files\Real\RealPlayer\realplay.exe

    Copy the bolded blue text below to a blank notepad. Make sure the formatting stays the same. Save it to the desktop as:

    Filename: FixAWF.bat
    Save As Type: All Files (*.*)

    @echo off
    rem Remove the InstantAccess shortcut from the desktop if it is present
    if exist "%userprofile%\Desktop\InstantAccess.lnk" del "%userprofile%\Desktop\InstantAccess.lnk"
    rem Copy each file from its bak folder back into the program folder
    copy "C:\Program Files\NZSearch\bak\nzspc.exe" "C:\Program Files\NZSearch"
    copy "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
    copy "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe" "C:\Program Files\McAfee.com\Agent"
    copy "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe" "C:\Program Files\McAfee.com\Agent"
    copy "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe" "C:\Program Files\Real\RealPlayer"
    copy "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe" "C:\Program Files\Siber Systems\AI RoboForm"
    cls
    exit


    Check Task Manager to see if any of the above executables are running and end process on them if they are.

    Now double click the FixAWF.bat file to run it.

    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything it can, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program to clean out their temporary files as well.

    When you have finished, click on the Exit button in the Main menu.

    If there is an AxFreePorn dialup connection present, delete it.

    Reboot.

    Run FindAWF again. Post the contents of its log.

    Scan with HijackThis again, save the log and post it as well.

    Let us know if you're still experiencing any problems.
     
  12. 2007/03/17
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    The Prefetch on the ATF-cleaner was disabled, it would not let me put a check in it, but I did as you instructed with everything else. I also sent you the file you requested.


    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\NZSEARCH\BAK

    07/11/2006 01:00a 311,362 nzspc.exe
    1 File(s) 311,362 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    04/04/2005 05:03p 98,304 qttask.exe
    1 File(s) 98,304 bytes

    Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

    08/27/2003 10:00a 245,760 mcagent.exe
    08/21/2003 05:10p 180,224 mcupdate.exe
    2 File(s) 425,984 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    04/04/2005 05:01p 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

    09/07/2006 07:56a 144,448 RoboTaskBarIcon.exe
    1 File(s) 144,448 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    311362 Jul 11 2006 "C:\Program Files\NZSearch\nzspc.exe"
    311362 Jul 11 2006 "C:\Program Files\NZSearch\bak\nzspc.exe"
    98304 Apr 4 2005 "C:\Program Files\QuickTime\qttask.exe"
    98304 Apr 4 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
    245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
    180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
    180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
    26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\realplay.exe"
    26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
    144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"


    end of report


    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:08 AM, on 3/18/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Toddler Keys\Toddler Keys.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: Toddler Keys.lnk = C:\Program Files\Toddler Keys\Toddler Keys.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137816095796
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9536FD90-2AF3-4BA2-81A0-C0A656A75531}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
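
The two FindAWF reports above differ in one respect: whether each file in a bak folder has a same-size, same-date copy in the program folder above it. The following is an added example, not part of the thread or of the FindAWF tool, that runs that comparison over the "Duplicate files" lines. The function names are hypothetical, and the pairing rule is an assumption read off the fix batch file and the second report.

```python
import ntpath
import re

# One "Duplicate files" line: size, "Mon D YYYY", quoted path.
# A stray space before the closing quote is tolerated.
ENTRY = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+?)\s*"\s*$'
)

# Lines copied from the first FindAWF report in this thread (before the fix).
BEFORE = r'''
311362 Jul 11 2006 "C:\Program Files\NZSearch\bak\nzspc.exe"
98304 Apr 4 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
26112 Mar 13 2007 "C:\Program Files\Real\RealPlayer\realplay.exe"
26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
'''

# Lines copied from the second FindAWF report in this thread (after the fix).
AFTER = r'''
311362 Jul 11 2006 "C:\Program Files\NZSearch\nzspc.exe"
311362 Jul 11 2006 "C:\Program Files\NZSearch\bak\nzspc.exe"
98304 Apr 4 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Apr 4 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
245760 Aug 27 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
180224 Aug 21 2003 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\realplay.exe"
26112 Apr 4 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
144448 Sep 7 2006 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
'''


def parse_entries(report):
    """Return (size, date, path) tuples for every duplicate-file line."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            size, date, path = m.groups()
            # Collapse runs of spaces so "Apr  4 2005" equals "Apr 4 2005".
            entries.append((int(size), " ".join(date.split()), path))
    return entries


def check_bak_pairs(report):
    """Classify each bak file against the copy in its parent folder.

    'match'    - parent folder holds a file of the same name, size and date
    'mismatch' - parent folder holds the name, but size or date differs
    'missing'  - no file of that name is listed in the parent folder
    """
    entries = parse_entries(report)
    # Windows paths are case-insensitive, so index on the normalised form.
    listed = {ntpath.normcase(p): (s, d) for s, d, p in entries}
    status = {}
    for size, date, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.normcase(ntpath.basename(folder)) != "bak":
            continue  # not a bak entry; only used as a comparison target
        live = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        found = listed.get(ntpath.normcase(live))
        if found is None:
            status[path] = "missing"
        elif found == (size, date):
            status[path] = "match"
        else:
            status[path] = "mismatch"
    return status


def needs_attention(report):
    """Return the bak files whose parent-folder copy is absent or differs."""
    return sorted(p for p, s in check_bak_pairs(report).items() if s != "match")


if __name__ == "__main__":
    for label, report in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label)
        for path, state in check_bak_pairs(report).items():
            print(f"  {state:8}  {path}")
```
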
     
  13. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thank you for the file. :) No problem with the Prefetch........I failed to exclude that. Win2000 doesn't have a prefetch folder. :rolleyes:

    Copy the bolded blue text below. Right click FixAWF.bat and select edit to open in notepad. Click Edit on the menu>Select all, then paste, replacing all of the previous text. Close and save the changes.

    @echo off
    rem Delete the contents of each bak folder
    del /q "C:\Program Files\NZSearch\bak\*.*"
    del /q "C:\Program Files\McAfee.com\Agent\bak\*.*"
    del /q "C:\Program Files\QuickTime\bak\*.*"
    del /q "C:\Program Files\Real\RealPlayer\bak\*.*"
    del /q "C:\Program Files\Siber Systems\AI RoboForm\bak\*.*"
    rem Remove the now-empty bak folders
    rmdir /q "C:\Program Files\NZSearch\bak"
    rmdir /q "C:\Program Files\McAfee.com\Agent\bak"
    rmdir /q "C:\Program Files\QuickTime\bak"
    rmdir /q "C:\Program Files\Real\RealPlayer\bak"
    rmdir /q "C:\Program Files\Siber Systems\AI RoboForm\bak"
    cls
    exit


    Double click FixAWF.bat to run it.

    Reboot and post a fresh FindAWF log.

    How is your computer behaving?
     
  14. 2007/03/18
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report


    Thank you so much for helping. My computer is running very smooth well as smooth as dial up gets me LOL..I sorta live in the boonies and they do not have DSL or cable in my area which is a PITA. But she seems to be running good and booting up faster also. Thanks for all your help.

    Jennifer
     
  15. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sounds great Jennifer. Glad I could help. :)

    Feel free to delete the tools we used and the logs.

    Let us know if problems return.
     
  16. 2007/03/18
    jennmay

    jennmay Well-Known Member Thread Starter

    Joined:
    2007/03/15
    Messages:
    124
    Likes Received:
    0
    Great! Thank You!!!!!! :D
     
  17. 2007/03/18
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     