AIM Virus

vroom_skies

VIP Member
My friend says he has an AIM virus. Any help would be great.

Logfile of HijackThis v1.99.1
Scan saved at 10:45:13 PM, on 8/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1153104335\ee\AOLSoftware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\terminals.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153104335\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Terminal Connections (terms) - Unknown owner - C:\WINDOWS\system32\terminals.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

cell4me

banned
You don't have an AIM virus, but you do have a trojan.

Go to Start > Run and type

cmd

and OK. Type the commands below and hit "Enter" after each line:

sc stop terms
sc delete terms

Type Exit to close.


Download Ewido Anti-Malware

* Install Ewido Anti-Malware
* Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

* On the top of the main screen click Shield
* Click the word active to change it to inactive
* On the top of the main screen click Update.
* Then click on Start Update. The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

* In Safe Mode, run Ewido.
* Click Scanner
* Click on the Scan tab
* Click Complete System Scan to begin scanning.
* When the scan is complete click Recommended Action and change it to Quarantine
* Then click Apply all actions

Once finished, click the Save report button, then click Save Report As. This will create a text file.

Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.
 

vroom_skies

VIP Member
Ok, we have an update.
Here is ewido scan.

+ Created on: 2:31:50 PM, 8/24/2006
+ Report-Checksum: 557E59C8

+ Scan result:

HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup
:mozilla.9:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.58:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.61:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.66:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.71:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.72:C:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\2vg8u6sf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\tyler\Cookies\tyler@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\tyler\Cookies\tyler@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\tyler\Cookies\tyler@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060131-180233-483.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060131-180237-512.dll -> Adware.SpywareStorm : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060131-180240-201.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197438.dll -> Adware.Winfixer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197439.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197440.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197441.dll -> Dialer.InstantAccess : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197442.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197443.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197444.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197445.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197446.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197447.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197448.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197450.dll -> Dialer.InstantAccess.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197451.dll -> Dialer.EGroup.s : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197452.exe -> Adware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197453.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197454.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197455.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197456.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197457.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197458.dll -> Adware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197459.exe -> Adware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197460.dll -> Dialer.InstantAccess : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197461.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197462.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0197463.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\terminals.exe -> Backdoor.SdBot.xd : Cleaned with backup


::Report End
 

vroom_skies

VIP Member
And here is the updated hjtl.
Thanks a bunch cell4me.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:43 PM, on 8/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1153104335\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153104335\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Print Spooler Service (SpoolSvc213) - Unknown owner - C:\WINDOWS\System32\mlsdf8hhkorvz.exe
O23 - Service: Terminal Connections (terms) - Unknown owner - C:\WINDOWS\system32\terminals.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

cell4me

banned
Open up hijackthis and fix this entry

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

And get rid of the AOL toolbar; it's crapware!

You had a bunch of crap on there...lol!

But your AIM virus is gone :D Just stay away from AOL anything!!!

EDIT: Fix this entry also...sorry I overlooked it!

O23 - Service: Terminal Connections (terms) - Unknown owner - C:\WINDOWS\system32\terminals.exe (file missing)

And you should update JAVA here http://java.sun.com/javase/downloads/index.jsp

You have one more entry I am not sure about. I think it is a printer driver, but Edifier seems to think it might be malware. I told him that if it is, and he knows what it is, to post a fix for ya!

O23 - Service: Print Spooler Service (SpoolSvc213) - Unknown owner - C:\WINDOWS\System32\mlsdf8hhkorvz.exe
 
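The two cell4me posts above apply the same cues to the O23 lines: a service with "Unknown owner", a binary sitting under the Windows directory, a random-looking file name, and "(file missing)" left behind after the binary was deleted. Below is a small triage script that encodes those cues; it is an added example, not part of this thread or of HijackThis. The sample lines are copied from the logs posted in the thread, while the regex, the random-name test and the severity levels are my own assumptions.

```python
"""Triage HijackThis O23 (service) lines with the cues used in this thread.
Added example; not part of the original posts or of HijackThis itself."""
import re
from dataclasses import dataclass

# Constructed sample: O23 lines copied from the logs posted in the thread,
# plus one O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Terminal Connections (terms) - Unknown owner - C:\WINDOWS\system32\terminals.exe
O23 - Service: Print Spooler Service (SpoolSvc213) - Unknown owner - C:\WINDOWS\System32\mlsdf8hhkorvz.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\System32\sklrr7ydnquy.exe (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Assumed line layout: "O23 - Service: <display name> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# First exe/dll/sys file name inside the path (paths may carry trailing arguments).
FILENAME_RE = re.compile(r"[^\\/]+?\.(?:exe|dll|sys)", re.IGNORECASE)


@dataclass
class Finding:
    service: str
    binary: str
    severity: str  # "high" or "review"
    reasons: list


def looks_random(stem: str) -> bool:
    """Constructed heuristic: letters mixed with digits, or almost no vowels.
    Only applied to unknown-owner binaries; a legitimate vendor name such as
    lxbbbmgr (Lexmark) would otherwise trip the vowel test."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if any(c.isdigit() for c in s) and letters:
        return True
    if len(letters) >= 6:
        return sum(c in "aeiou" for c in letters) / len(letters) < 0.2
    return False


def triage_o23(log_text: str) -> list:
    """Return one Finding per O23 line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue  # other HijackThis sections are out of scope here
        owner, path = m["owner"], m["path"]
        fn = FILENAME_RE.search(path)
        binary = fn.group(0) if fn else path
        stem = binary.rsplit(".", 1)[0]
        reasons = []
        if m["missing"]:
            reasons.append("registered binary no longer exists (orphaned service entry)")
        if owner == "Unknown owner" and "\\windows\\" in path.lower():
            # HijackThis leaves Microsoft's own services out of O23, so an
            # unknown-owner binary under the Windows directory is unusual.
            reasons.append("unknown-owner binary inside the Windows directory")
            if looks_random(stem):
                reasons.append("random-looking executable name")
        if not reasons:
            continue
        severity = "high" if "random-looking executable name" in reasons else "review"
        findings.append(Finding(m["name"], binary, severity, reasons))
    return findings


def summarize(log_text: str) -> dict:
    """Map binary name -> severity, for a quick glance over a whole log."""
    return {f.binary: f.severity for f in triage_o23(log_text)}


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.service}: {f.binary} -- {'; '.join(f.reasons)}")
```

On the sample, mlsdf8hhkorvz.exe and sklrr7ydnquy.exe come out as "high" (random names under System32, the second one also orphaned), terminals.exe as "review" (unknown owner under System32, but a plausible-looking name; it was the ewido scan, not the name, that identified it as Backdoor.SdBot), and the avast and Lexmark services are not flagged at all. The script is a reading aid for the log, not a replacement for the scanner.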

vroom_skies

VIP Member
Yeah, he's been a little busy lately. I had him clean a lot more crap off his PC and what not, and run some more scans. I'll get an updated hjtl hopefully tonight.

Thanks mate
 

vroom_skies

VIP Member
Ok here is the log. Thanks for all your help man.

Logfile of HijackThis v1.99.1
Scan saved at 8:28:05 PM, on 8/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\System32\sklrr7ydnquy.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

cell4me

banned
Fix this entry...I don't know where it came from, or if you installed something and then uninstalled it, but fix it with HT!

O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\System32\sklrr7ydnquy.exe (file missing)
 