Need Help Removing AxFreePorn

Discussion in 'Malware and Virus Removal Archive' started by mom2phoebe, 2007/03/15.

  1. 2007/03/15
    mom2phoebe

    mom2phoebe Inactive Thread Starter

    Joined:
    2007/03/15
    Messages:
    6
    Likes Received:
    0
    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:17:16 PM, on 3/15/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\HPQ\Default Settings\cpqset.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    c:\program files\common files\aol\1159017110\ee\aolssc.exe
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\8TARODYN\HiJackThis_v2[1].exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159017110\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1159017110\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70906643-5407-4090-8F8C-76A6828E57EC}: NameServer = 205.188.146.145
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7968 bytes
     
  2. 2007/03/16
    mom2phoebe

    mom2phoebe Inactive Thread Starter

    I really could use some help please!
     

  4. 2007/03/16
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    As you can see, you're not the only one with this problem on these boards. Our volunteers are working diligently to get to all logs.

    Not all volunteers have all day to sit in front of a PC, thusly, some users seeking help may wait longer than others. We do our best and try to get to logs in the order they are posted.

    Your patience is greatly appreciated.
     
  5. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi mom2phoebe:)

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot. Post the contents of the scan report.

    Download FindAWF from the link below, saving to the desktop.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Double click it to run and follow the prompts. Please post the contents of the AWF.txt log it creates.
     
  6. 2007/03/19
    mom2phoebe

    mom2phoebe Inactive Thread Starter

    Thanks so much for helping!

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:16:02 PM 3/18/2007

    + Scan result:



    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071936.EXE -> Adware.Background : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP207\A0060641.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\HPQ\Notebook Utilities\TvNow.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\HPQ\Notebook Utilities\hptasks.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\QuickTime\qttask.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Real\RealPlayer\RealPlay.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP205\A0060337.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0070698.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0070812.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0073110.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0073144.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0073160.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0073179.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    [464] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\member[4].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\memberlist[1].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\memberlist[2].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\memberlist[3].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\memberlist[4].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Local Settings\Temporary Internet Files\Content.IE5\JWXPZP0D\memberlist[5].htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071948.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071950.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071951.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071952.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071953.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071954.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071955.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071956.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP232\A0071957.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@www.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@ads.revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\PhoebeRoo\Cookies\phoeberoo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end



    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\CPQS\SCOM\BAK

    01/03/2007 07:06 PM 36,364 srmclean.exe
    1 File(s) 36,364 bytes

    Directory of C:\HP\BIN\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\AMERIC~1.0A\BAK

    07/12/2005 05:17 AM 50,776 AOL.EXE
    1 File(s) 50,776 bytes

    Directory of C:\PROGRA~1\AMERIC~1.0B\BAK

    07/12/2005 06:17 AM 50,776 AOL.EXE
    1 File(s) 50,776 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    09/23/2006 07:15 AM 98,304 qttask.exe
    1 File(s) 98,304 bytes

    Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

    01/23/2003 11:00 PM 290,816 atiptaxx.exe
    1 File(s) 290,816 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    11/14/2002 09:29 PM 54,976 ccApp.exe
    11/14/2002 09:29 PM 59,072 ccRegVfy.exe
    2 File(s) 114,048 bytes

    Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

    02/26/2003 06:25 PM 180,316 cpqset.exe
    1 File(s) 180,316 bytes

    Directory of C:\PROGRA~1\HPQ\NOTEBO~1\BAK

    08/15/2002 08:26 AM 45,056 hptasks.exe
    01/30/2003 12:34 PM 282,624 TvNow.exe
    2 File(s) 327,680 bytes

    Directory of C:\PROGRA~1\HPQ\ONE-TO~1\BAK

    01/30/2003 05:02 PM 102,400 OneTouch.EXE
    1 File(s) 102,400 bytes

    Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

    04/05/2004 03:33 PM 99,480 PortAOL.exe
    1 File(s) 99,480 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    12/28/2003 10:18 PM 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

    03/14/2003 06:56 AM 634,880 SynTPEnh.exe
    03/14/2003 06:56 AM 110,592 SynTPLpr.exe
    2 File(s) 745,472 bytes

    Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

    10/23/2006 06:50 AM 71,216 AOLDial.exe
    1 File(s) 71,216 bytes


    03/26/2003 01:15 PM 684,032 DirectCD.exe
    1 File(s) 684,032 bytes

    Directory of C:\PROGRA~1\COMMON~1\AOL\115901~1\EE\BAK

    09/25/2006 06:52 PM 50,736 AOLSoftware.exe
    1 File(s) 50,736 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    36364 Jan 3 2007 "C:\cpqs\scom\bak\srmclean.exe "
    45125 Dec 18 2002 "C:\Program Files\America Online 8.0\aol.exe "
    36364 Jan 3 2007 "C:\Program Files\America Online 9.0a\AOL.EXE "
    45139 Aug 15 2003 "C:\Program Files\America Online 9.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\bak\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\bak\AOL.EXE "
    45125 Dec 18 2002 "C:\Program Files\America Online 8.0\aol.exe "
    36364 Jan 3 2007 "C:\Program Files\America Online 9.0a\AOL.EXE "
    45139 Aug 15 2003 "C:\Program Files\America Online 9.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\bak\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\bak\AOL.EXE "
    98304 Sep 23 2006 "C:\Program Files\QuickTime\bak\qttask.exe "
    290816 Jan 23 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe "
    54976 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe "
    59072 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe "
    180316 Feb 26 2003 "C:\SwSetup\Default\Cpqset.exe "
    180316 Feb 26 2003 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe "
    45056 Aug 15 2002 "C:\Program Files\HPQ\Notebook Utilities\bak\hptasks.exe "
    282624 Jan 30 2003 "C:\Program Files\HPQ\Notebook Utilities\bak\TvNow.exe "
    102400 Jan 30 2003 "C:\SwSetup\OneTouch\ONETOUCH.EXE "
    102400 Jan 30 2003 "C:\Program Files\HPQ\One-Touch\bak\OneTouch.EXE "
    99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe "
    26112 Dec 28 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe "
    634880 Mar 14 2003 "C:\SwSetup\Touchpad\SynTPEnh.exe "
    634880 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe "
    634880 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe "
    110592 Mar 14 2003 "C:\SwSetup\Touchpad\SynTPLpr.exe "
    110592 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe "
    110592 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe "
    71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe "
    684032 Mar 26 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "
    50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1159017110\EE\AOLSoftware.exe "
    50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1159017110\EE\bak\AOLSoftware.exe "


    end of report
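
A cross-check of the report above, as an added Python example (not part of the thread and not FindAWF's own code): it parses an excerpt of the "Duplicate files" lines, flags files that share size and date under different names, and flags a live file whose size differs from its bak copy. The function names are hypothetical, and a size and date match is only a triage hint; in this thread the two flagged 36364-byte files were confirmed as infected after being sent in.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt copied from the "Duplicate files of bak directory contents" section
# of the report above (the stray space before each closing quote is dropped).
REPORT_EXCERPT = r'''
36364 Jan 3 2007 "C:\cpqs\scom\bak\srmclean.exe"
45125 Dec 18 2002 "C:\Program Files\America Online 8.0\aol.exe"
36364 Jan 3 2007 "C:\Program Files\America Online 9.0a\AOL.EXE"
45139 Aug 15 2003 "C:\Program Files\America Online 9.0\aol.exe"
50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\bak\AOL.EXE"
50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\bak\AOL.EXE"
98304 Sep 23 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
180316 Feb 26 2003 "C:\SwSetup\Default\Cpqset.exe"
180316 Feb 26 2003 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
102400 Jan 30 2003 "C:\SwSetup\OneTouch\ONETOUCH.EXE"
102400 Jan 30 2003 "C:\Program Files\HPQ\One-Touch\bak\OneTouch.EXE"
'''

# Listing format: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+?)\s*"\s*$')


def parse_report(text):
    """Return [(size, date, path)] in report order, skipping repeated lines."""
    entries, seen = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings, blank lines, anything not in the listing format
        size, date, path = int(m.group(1)), " ".join(m.group(2).split()), m.group(3)
        key = ntpath.normcase(path)  # Windows paths compare case-insensitively
        if key not in seen:
            seen.add(key)
            entries.append((size, date, path))
    return entries


def same_payload_groups(entries):
    """Return groups that share size and date but carry different file names."""
    groups = defaultdict(list)
    for size, date, path in entries:
        groups[(size, date)].append(path)
    # The same program installed twice keeps its name; one file dropped over
    # several programs shows up as one size/date under several names.
    return {
        key: paths
        for key, paths in groups.items()
        if len({ntpath.basename(p).lower() for p in paths}) > 1
    }


def live_differs_from_backup(entries):
    """Return (live_path, live_size, bak_path, bak_size) where sizes disagree."""
    by_path = {ntpath.normcase(p): (size, p) for size, _, p in entries}
    hits = []
    for size, _, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue
        # The live copy sits one level above the bak folder, under the same name.
        live = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        live_key = ntpath.normcase(live)
        if live_key in by_path and by_path[live_key][0] != size:
            live_size, live_path = by_path[live_key]
            hits.append((live_path, live_size, path, size))
    return hits


if __name__ == "__main__":
    entries = parse_report(REPORT_EXCERPT)
    # Triage hints only: confirm with a scanner or hashes before deleting anything.
    for (size, date), paths in same_payload_groups(entries).items():
        print(f"{size} bytes, {date}: same size/date under different names")
        for p in paths:
            print(f"    {p}")
    for live_path, live_size, bak_path, bak_size in live_differs_from_backup(entries):
        print(f"{live_path} ({live_size}) differs from {bak_path} ({bak_size})")
```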
     
  7. 2007/03/19
    noahdfear

    noahdfear Inactive

  8. 2007/03/19
    mom2phoebe

    mom2phoebe Inactive Thread Starter

    I have sent the files. Thanks!!
     
  9. 2007/03/19
    noahdfear

    noahdfear Inactive

    Thank you. They were both infected, and need to be deleted. Before we continue, would you please create a new HijackThis log and post it for me.

    Do you have a Compaq driver CD, or did a recovery CD come with your PC?
     
  10. 2007/03/19
    mom2phoebe

    mom2phoebe Inactive Thread Starter

    I will have to check what CD came with it; they are at my parents' house as I have been using their laptop. I will find out in the morning. Here is a new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:08:12 PM, on 3/19/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\aolsoftware.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159017110\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1159017110\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70906643-5407-4090-8F8C-76A6828E57EC}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  11. 2007/03/19
    noahdfear

    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    If you have not already done so, delete the following two files.

    C:\cpqs\scom\bak\srmclean.exe
    C:\Program Files\America Online 9.0a\AOL.EXE


    Copy the bolded blue text below to a blank notepad. Make sure the formatting stays the same. Save it to the desktop as;

    Filename: FixAWF.bat
    Save As Type: All Files (*.*)

    @echo off
    rem Remove the dialer's desktop shortcut if it is present
    if exist "%userprofile%\Desktop\InstantAccess.lnk" del "%userprofile%\Desktop\InstantAccess.lnk"
    rem Copy each backed-up original from its bak folder to the parent folder
    copy "C:\Program Files\America Online 9.0a\bak\AOL.EXE" "C:\Program Files\America Online 9.0a"
    copy "C:\Program Files\America Online 9.0b\bak\AOL.EXE" "C:\Program Files\America Online 9.0b"
    copy "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
    copy "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe" "C:\Program Files\ATI Technologies\ATI Control Panel"
    copy "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe" "C:\Program Files\Common Files\Symantec Shared"
    copy "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe" "C:\Program Files\Common Files\Symantec Shared"
    copy "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe" "C:\Program Files\HPQ\Default Settings"
    copy "C:\Program Files\HPQ\Notebook Utilities\bak\hptasks.exe" "C:\Program Files\HPQ\Notebook Utilities"
    copy "C:\Program Files\HPQ\Notebook Utilities\bak\TvNow.exe" "C:\Program Files\HPQ\Notebook Utilities"
    copy "C:\Program Files\HPQ\One-Touch\bak\OneTouch.EXE" "C:\Program Files\HPQ\One-Touch"
    copy "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe" "C:\Program Files\Pure Networks\Port Magic"
    copy "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe" "C:\Program Files\Real\RealPlayer"
    copy "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe" "C:\Program Files\Synaptics\SynTP"
    copy "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe" "C:\Program Files\Synaptics\SynTP"
    copy "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe" "C:\Program Files\Common Files\AOL\ACS"
    copy "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe" "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD"
    cls
    exit


    Now double click the FixAWF.bat file to run it.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything it can, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program to clean out their temporary files as well.

    When you have finished, click on the Exit button in the Main menu.


    If there is an AxFreePorn dialup connection present, delete it.


    Scan again with HijackThis and place a check next to the following entry, close ALL other windows, then click Fix Checked.

    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    Close HijackThis and reboot.

    Run FindAWF again and post the log.
    Create yet another new HijackThis log and post it as well.
     
  12. 2007/03/21
    mom2phoebe

    Ok, I did everything above. Here are the new logs:


    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\CPQS\SCOM\BAK

    0 File(s) 0 bytes

    Directory of C:\HP\BIN\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\AMERIC~1.0A\BAK

    07/12/2005 05:17 AM 50,776 AOL.EXE
    03/20/2007 06:43 PM 24 shellmon.ph
    2 File(s) 50,800 bytes

    Directory of C:\PROGRA~1\AMERIC~1.0B\BAK

    07/12/2005 06:17 AM 50,776 AOL.EXE
    1 File(s) 50,776 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    09/23/2006 07:15 AM 98,304 qttask.exe
    1 File(s) 98,304 bytes

    Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

    01/23/2003 11:00 PM 290,816 atiptaxx.exe
    1 File(s) 290,816 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    11/14/2002 09:29 PM 54,976 ccApp.exe
    11/14/2002 09:29 PM 59,072 ccRegVfy.exe
    2 File(s) 114,048 bytes

    Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

    02/26/2003 06:25 PM 180,316 cpqset.exe
    1 File(s) 180,316 bytes

    Directory of C:\PROGRA~1\HPQ\NOTEBO~1\BAK

    08/15/2002 08:26 AM 45,056 hptasks.exe
    01/30/2003 12:34 PM 282,624 TvNow.exe
    2 File(s) 327,680 bytes

    Directory of C:\PROGRA~1\HPQ\ONE-TO~1\BAK

    01/30/2003 05:02 PM 102,400 OneTouch.EXE
    1 File(s) 102,400 bytes

    Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

    04/05/2004 03:33 PM 99,480 PortAOL.exe
    1 File(s) 99,480 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    12/28/2003 10:18 PM 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

    03/14/2003 06:56 AM 634,880 SynTPEnh.exe
    03/14/2003 06:56 AM 110,592 SynTPLpr.exe
    2 File(s) 745,472 bytes

    Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

    10/23/2006 06:50 AM 71,216 AOLDial.exe
    1 File(s) 71,216 bytes


    03/26/2003 01:15 PM 684,032 DirectCD.exe
    1 File(s) 684,032 bytes

    Directory of C:\PROGRA~1\COMMON~1\AOL\115901~1\EE\BAK

    09/25/2006 06:52 PM 50,736 AOLSoftware.exe
    1 File(s) 50,736 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    45125 Dec 18 2002 "C:\Program Files\America Online 8.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\AOL.EXE "
    45139 Aug 15 2003 "C:\Program Files\America Online 9.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\bak\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\bak\AOL.EXE "
    74 Mar 29 2005 "C:\Program Files\America Online 8.0\shellmon.ph "
    24 Jan 3 2007 "C:\Program Files\America Online 9.0a\shellmon.ph "
    24 Mar 20 2007 "C:\Program Files\America Online 9.0b\shellmon.ph "
    24 Mar 20 2007 "C:\Program Files\America Online 9.0\shellmon.ph "
    24 Mar 20 2007 "C:\Program Files\America Online 9.0a\bak\shellmon.ph "
    2042 Mar 20 2007 "C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\shellmon.ph "
    5848 Jan 4 2007 "C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\shellmon.ph "
    6974 Mar 20 2007 "C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\shellmon.ph "
    45125 Dec 18 2002 "C:\Program Files\America Online 8.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\AOL.EXE "
    45139 Aug 15 2003 "C:\Program Files\America Online 9.0\aol.exe "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0a\bak\AOL.EXE "
    50776 Jul 12 2005 "C:\Program Files\America Online 9.0b\bak\AOL.EXE "
    98304 Sep 23 2006 "C:\Program Files\QuickTime\qttask.exe "
    98304 Sep 23 2006 "C:\Program Files\QuickTime\bak\qttask.exe "
    290816 Jan 23 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    290816 Jan 23 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe "
    54976 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    54976 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe "
    59072 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    59072 Nov 14 2002 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe "
    180316 Feb 26 2003 "C:\SwSetup\Default\Cpqset.exe "
    180316 Feb 26 2003 "C:\Program Files\HPQ\Default Settings\cpqset.exe "
    180316 Feb 26 2003 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe "
    45056 Aug 15 2002 "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe "
    45056 Aug 15 2002 "C:\Program Files\HPQ\Notebook Utilities\bak\hptasks.exe "
    282624 Jan 30 2003 "C:\Program Files\HPQ\Notebook Utilities\TvNow.exe "
    282624 Jan 30 2003 "C:\Program Files\HPQ\Notebook Utilities\bak\TvNow.exe "
    102400 Jan 30 2003 "C:\SwSetup\OneTouch\ONETOUCH.EXE "
    102400 Jan 30 2003 "C:\Program Files\HPQ\One-Touch\OneTouch.EXE "
    102400 Jan 30 2003 "C:\Program Files\HPQ\One-Touch\bak\OneTouch.EXE "
    99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe "
    99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe "
    26112 Dec 28 2003 "C:\Program Files\Real\RealPlayer\RealPlay.exe "
    26112 Dec 28 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe "
    634880 Mar 14 2003 "C:\SwSetup\Touchpad\SynTPEnh.exe "
    634880 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
    634880 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe "
    634880 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe "
    110592 Mar 14 2003 "C:\SwSetup\Touchpad\SynTPLpr.exe "
    110592 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "
    110592 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe "
    110592 Mar 14 2003 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe "
    71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "
    71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe "
    684032 Mar 26 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    684032 Mar 26 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "
    50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1159017110\EE\AOLSoftware.exe "
    50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1159017110\EE\bak\AOLSoftware.exe "


    end of report

    Logfile of HijackThis v1.99.1
    Scan saved at 8:15:50 AM, on 3/21/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\AOLSoftware.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\AOL\1159017110\ee\aolsoftware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159017110\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1159017110\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70906643-5407-4090-8F8C-76A6828E57EC}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1159017110\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks!
     
  13. 2007/03/21
    noahdfear

    Logs look great. How is the computer running?

    You can now delete the bak folders and their contents, as well as the tools we used and the logs created.

    C:\Program Files\America Online 9.0a\bak
    C:\Program Files\America Online 9.0b\bak
    C:\Program Files\ATI Technologies\ATI Control Panel\bak
    C:\Program Files\Common Files\AOL\1159017110\EE\bak
    C:\Program Files\Common Files\AOL\ACS\bak
    C:\Program Files\Common Files\Symantec Shared\bak
    C:\Program Files\HPQ\Default Settings\bak
    C:\Program Files\HPQ\Notebook Utilities\bak
    C:\Program Files\HPQ\One-Touch\bak
    C:\Program Files\Pure Networks\Port Magic\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\Real\RealPlayer\bak
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak
    C:\Program Files\Synaptics\SynTP\bak


    With C:\cpqs\scom\bak\srmclean.exe being infected, there is no backup to restore. That file missing may affect the performance or operability of the sound card, so you will need to check the cd for a copy. To do so, insert the cd into the drive. It may startup automatically, prompting you to install Windows. Just close the window and open My Computer. Right click the cd drive and select explore. Once it opens the cd contents in Windows Explorer, click the Search icon on the toolbar. If it's not there, right click the toolbar and ensure Standard Buttons is checked, then select customize, then add search from the list. Click All Files and folders in the search pane, then enter srmclean.exe. If found, copy it to the C:\cpqs\scom folder.

    Your computer is considerably behind on Windows Updates. Recommend you take the time to get the high priority updates and service packs installed.
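
Added example, not part of the original thread or of the FindAWF tool: a short Python check that reads lines in the format of the report's "Duplicate files of bak directory contents" section and confirms, for each file in a bak folder, that a file of the same name, size and date now sits in the parent folder, which is the state FixAWF.bat is meant to produce. The sample lines and their Example paths are constructed, and treating equal size and date as "restored" is an assumption, since the report gives nothing else to compare.

```python
import re

# Constructed sample in the layout of the report section
# "Duplicate files of bak directory contents": size, date, quoted path.
# The stray space before the closing quote mirrors the thread as posted.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
98304 Sep 23 2006 "C:\Program Files\Example One\player.exe "
98304 Sep 23 2006 "C:\Program Files\Example One\bak\player.exe "
40960 Mar 14 2007 "C:\Program Files\Example Two\tray.exe "
102400 Jan 30 2003 "C:\Program Files\Example Two\bak\tray.exe "
71216 Oct 23 2006 "C:\Program Files\Example Three\bak\dial.exe "
'''

LINE_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+?)\s*"\s*$'
)


def parse_report(text):
    """Return {lower-cased path: (size, date)} for every listing line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings, separators, blank lines
        size = int(m.group(1))
        date = " ".join(m.group(2).split())  # collapse runs of spaces
        # Windows paths are case-insensitive, so compare in lower case.
        entries[m.group(3).lower()] = (size, date)
    return entries


def check_restores(entries):
    """Compare each file in a bak folder with its parent-folder namesake."""
    results = {}
    for path, meta in entries.items():
        folder, _, name = path.rpartition("\\")
        parent, _, leaf = folder.rpartition("\\")
        if leaf != "bak":
            continue
        live = entries.get(parent + "\\" + name)
        if live is None:
            results[path] = "missing"    # nothing at the original location
        elif live == meta:
            results[path] = "restored"   # same size and date as the backup
        else:
            results[path] = "mismatch"   # differs from the backup: inspect it
    return results


if __name__ == "__main__":
    for path, status in sorted(check_restores(parse_report(SAMPLE_REPORT)).items()):
        print(f"{status:9} {path}")
```

Any "mismatch" or "missing" result means the bak folder should be kept until the file in the parent folder has been examined.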
     
