Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijackthis log

Unread postby Nick » August 15th, 2006, 11:51 am

Hi

I have been have a few problems with my computer and my wife's computer (we are on a wireless network). I wonder if you could check the log file and report back.

Thanks
Nick

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
c:\program files\common files\aol\1150136885\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jules\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: (no name) - {E5560A14-C94F-24C4-46A2-328C7F1C4986} - C:\DOCUME~1\Jules\APPLIC~1\EXTRAF~1\Axis Program.exe
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [enc bleh grid active] C:\Documents and Settings\All Users\Application Data\Memo Flaw Enc Bleh\Setup Size.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Build Amok] C:\DOCUME~1\Jules\APPLIC~1\CHINMO~1\corn trust axis.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Nick
Regular Member
 
Posts: 19
Joined: September 17th, 2005, 8:26 am
Advertisement
Register to Remove

Unread postby Trogan » August 15th, 2006, 2:57 pm

Hi Nick,

I'm looking over your log now, and will post back soon. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby Trogan » August 15th, 2006, 10:25 pm

Hi again Nick

Your missing the top bit from HijackThis. It should look like this:
Logfile of HijackThis v1.99.1
Scan saved at 19:57:51, on 15/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
If you could include that in your next reply, along with the rest of the log from HijackThis, that would be great. :)

On to your problem:

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
    • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

      {E5560A14-C94F-24C4-46A2-328C7F1C4986}
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

=====

Also, I would like to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button. It will open a Notepad file.
  • Copy & Paste the entire contents of that file in your in your next post.
=====

Please post the following:

1) Contents from C:\NoLop.log
2) Uninstall list
3) New HijackThis log, including the top bit.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Hijackthis Log

Unread postby Nick » August 16th, 2006, 3:13 am

Hi,

Thank you for the information. Here is the NoLop.log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Jules\Desktop
[16/08/2006]
[07:57:06]

---Infection Files Found/Removed---
C:\Documents and Settings\Jules\Application Data\chin move\Drv tick eq.exe
C:\Documents and Settings\Jules\Application Data\chin move\FordUserLongOoze.exe
C:\Documents and Settings\All Users\Application Data\Memo Flaw Enc Bleh\junkuser.exe
C:\Documents and Settings\All Users\Application Data\Memo Flaw Enc Bleh\Setup Size.exe
C:\Documents and Settings\Jules\Application Data\chin move\ahtybkaf.exe
C:\Documents and Settings\Jules\Application Data\chin move\nbfkpyny.exe
C:\WINDOWS\tasks\ACED76C591D6EED5.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn Search Toolbar
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Prism
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sbt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Ati
C:\Documents and Settings\Default User\Application Data\Cyberlink
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Jules\Application Data\Ability
C:\Documents and Settings\Jules\Application Data\Adobe
C:\Documents and Settings\Jules\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Jules\Application Data\Ahead
C:\Documents and Settings\Jules\Application Data\Aol
C:\Documents and Settings\Jules\Application Data\Ati
C:\Documents and Settings\Jules\Application Data\Avg7
C:\Documents and Settings\Jules\Application Data\Cyberlink
C:\Documents and Settings\Jules\Application Data\Extrafaceping -- EMPTY Directory
C:\Documents and Settings\Jules\Application Data\Google
C:\Documents and Settings\Jules\Application Data\Gtek
C:\Documents and Settings\Jules\Application Data\Help
C:\Documents and Settings\Jules\Application Data\Hp
C:\Documents and Settings\Jules\Application Data\Identities
C:\Documents and Settings\Jules\Application Data\Jasc Software Inc
C:\Documents and Settings\Jules\Application Data\Lavasoft
C:\Documents and Settings\Jules\Application Data\Macromedia
C:\Documents and Settings\Jules\Application Data\Microsoft
C:\Documents and Settings\Jules\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Jules\Application Data\Mozilla
C:\Documents and Settings\Jules\Application Data\Msn Search Toolbar
C:\Documents and Settings\Jules\Application Data\Msn6
C:\Documents and Settings\Jules\Application Data\Msninstaller
C:\Documents and Settings\Jules\Application Data\Real
C:\Documents and Settings\Jules\Application Data\Sun
C:\Documents and Settings\Jules\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Nick\Application Data\Adobe
C:\Documents and Settings\Nick\Application Data\Aol
C:\Documents and Settings\Nick\Application Data\Ati
C:\Documents and Settings\Nick\Application Data\Cyberlink
C:\Documents and Settings\Nick\Application Data\Identities
C:\Documents and Settings\Nick\Application Data\Jasc Software Inc
C:\Documents and Settings\Nick\Application Data\Macromedia
C:\Documents and Settings\Nick\Application Data\Microsoft
C:\Documents and Settings\Nick\Application Data\Mozilla
C:\Documents and Settings\Nick\Application Data\Opera
C:\Documents and Settings\Nick\Application Data\Real
C:\Documents and Settings\Nick\Application Data\Sun

Here is the uninstall list:

Ability Office 4
Ad-Aware SE Personal
Adobe Reader 7.0.7
Ahead InCD EasyWrite Reader
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL UK (Choose which version to remove)
AOL Uninstaller
AOL You've Got Pictures Screensaver
ATI Catalyst Control Center
ATI Display Driver
Avanquest update
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
FileZilla (remove only)
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_01
Learn2 Player (Uninstall Only)
Lexmark Software Uninstall
Macromedia Flash Player 8
Macromedia Shockwave Player
Memories Disc Creator 2.0
Messenger Plus! 3 & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Greetings
Microsoft Money 99
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Standard Edition 2003
Microsoft Works
Microsoft Works Setup Launcher
Mnemic Emoticon Packs for Messenger
Motorola Phone Tools
Mozilla Firefox (1.5.0.6)
MSN
MSN Messenger 7.5
MSN Search Toolbar
NCTAudioConvert ActiveX EXE Server 3.5.3
Nero 6
Nero Media Player
NeroVision Express 2
NVIDIA Drivers
NvMixer
Opera
PCI SoftV92 Modem
PhotoNow! 1.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
QuickTime
RealOne Player
SANYO LD-ADPCM Audio CODEC uninstall
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sony Digital Voice Editor 2
SpeedTouch 120g Wireless USB Adapter
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Start Stop Universal Transcription System
Time Stamp 3.12
Trend Micro PC-cillin Internet Security 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885295
Wise-FTP
Yahoo! Toolbar

Here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 08:09:48, on 16/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
c:\program files\common files\aol\1150136885\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jules\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NoLop.exe
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Regards,
Nick
Nick
Regular Member
 
Posts: 19
Joined: September 17th, 2005, 8:26 am

Unread postby Trogan » August 16th, 2006, 3:58 am

Hi again Nick! Good job on removing the Lop infection. However, we need to remove the Sponser program that you choose to install with Messenger Plus. Please follow the following instructions...

1. Go to Add/Remove programs. Double click on "Messenger Plus! 3 & Sponsor " (or click on Remove)

2. The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

3. The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.

4. If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.

5. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important!). When everything is complete, restart your computer.

Note: You may re-install Messenger Plus, but please make sure you select the option to install Messenger Plus without the Sponsor program.

=====

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove
    • J2SE Runtime Environment 5.0 Update 4
    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment, SE v1.4.2_01
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

=====

You may want to print or save the following instructions, as the internet will not be available in Safe Mode!

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

=====

Reboot back into Normal Mode

=====

Please post the following in your next reply...

1) Ewido log
2) New Uninstall list
3) New HijackThis log
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Updated log

Unread postby Nick » August 16th, 2006, 5:26 am

Hi

Please find Ewido log:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:18:19 16/08/2006

+ Scan result:



HKU\S-1-5-21-1663651312-141262919-3884284984-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Cookies\nick@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.659:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.660:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.668:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.669:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.670:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\wtsjbwag.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\wtsjbwag.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\wtsjbwag.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.808:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\wtsjbwag.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.866:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.867:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.868:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.703:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.704:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.706:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.707:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.708:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.709:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.710:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.711:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.717:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.718:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.719:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.723:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.724:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.725:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.726:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.727:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.459:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.460:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.461:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.630:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.733:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.734:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.735:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.736:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.737:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.738:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.739:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.740:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.741:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.743:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.744:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.745:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.746:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.747:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.748:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.749:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.478:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.479:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.480:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.481:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.482:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.483:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.484:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.485:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.487:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.488:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.489:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.490:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.491:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.492:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.493:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.494:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.495:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.496:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.509:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.558:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.560:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.614:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.615:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.602:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.603:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\Jules\Application Data\Mozilla\Firefox\Profiles\7jlew77p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

Please find new uninstall list:

Ability Office 4
Ad-Aware SE Personal
Adobe Reader 7.0.7
Ahead InCD EasyWrite Reader
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL UK (Choose which version to remove)
AOL Uninstaller
AOL You've Got Pictures Screensaver
ATI Catalyst Control Center
ATI Display Driver
Avanquest update
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
ewido anti-spyware 4.0
FileZilla (remove only)
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 8
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Learn2 Player (Uninstall Only)
Lexmark Software Uninstall
Macromedia Flash Player 8
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Greetings
Microsoft Money 99
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Standard Edition 2003
Microsoft Works
Microsoft Works Setup Launcher
Mnemic Emoticon Packs for Messenger
Motorola Phone Tools
Mozilla Firefox (1.5.0.6)
MSN
MSN Messenger 7.5
MSN Search Toolbar
NCTAudioConvert ActiveX EXE Server 3.5.3
Nero 6
Nero Media Player
NeroVision Express 2
NVIDIA Drivers
NvMixer
Opera
PCI SoftV92 Modem
PhotoNow! 1.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
QuickTime
RealOne Player
SANYO LD-ADPCM Audio CODEC uninstall
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sony Digital Voice Editor 2
SpeedTouch 120g Wireless USB Adapter
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Start Stop Universal Transcription System
Time Stamp 3.12
Trend Micro PC-cillin Internet Security 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885295
Wise-FTP
Yahoo! Toolbar

New Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:23:08, on 16/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
c:\program files\common files\aol\1150136885\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1150136885\ee\AOLServiceHost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Documents and Settings\Jules\Desktop\hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150136885\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?39cb88bd757c41e09ebe7ddca24069d0
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Regards
Nick
Nick
Regular Member
 
Posts: 19
Joined: September 17th, 2005, 8:26 am

Unread postby Trogan » August 16th, 2006, 2:37 pm

Hi Nick!

I'm glad to say your HijackThis log is now clean. :thumbleft: You can now delete NoLop as it not needed anymore.

Here are some measures you can take to stay more secure online:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera.

Use a firewall to help prevent your PC(s) from being usurped by undesireables. If you don't have a Firewall, then choose one from the list here

Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here

Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.

Install and keep updated, SpywareBlaster and SpywareGuard

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

Clear your Temp folders.
Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
and then press "OK" to remove:

Go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents from within the following folders:
C:\Windows\temp
C:\temp <-- if you have one.
Note: Empty the contents but do not delete the folder(s).

Clear out temp files from the following location. Change "username" to whatever you have on your computer.
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin!

Hide system files
It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...

Windows XP
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


For XP users.
It's a good idea to Flush your System Restore points after ridding yourself of malware: You can clean this by doing the following:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

===============

If you have any more problems, post back. Otherwise, respond once more so we may archive this thread. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Hijackthis Log

Unread postby Nick » August 17th, 2006, 3:31 am

Hi

Thanks for all your help. As I mentioned in my first post, I have another computer on the network, so would it be best to post the Hijackthis Log from this machine too?

Nick
Nick
Regular Member
 
Posts: 19
Joined: September 17th, 2005, 8:26 am

Unread postby Trogan » August 17th, 2006, 5:18 pm

Hi Nick,

Post the HijackThis log from your other computer, and I will take a look at it for you. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby 'KotaGuy » August 20th, 2006, 11:26 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware