Key Logger

Post by Sd-Vortex » April 4th, 2007, 6:12 am

Here's my HijackThis log. I think I have a keylogger and idk what else I have, but please help me.

Logfile of HijackThis v1.99.1
Scan saved at 5:11:04 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on TOSHIBA] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" /P40 "Auto EPSON Stylus Photo RX500 on TOSHIBA" /O18 "\\TOSHIBA\EPSONSty" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QUICKCARE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Post by Sd-Vortex » April 5th, 2007, 4:11 am

Can someone please help me???

Post by tim s » April 5th, 2007, 10:09 pm

Hello Sd-Vortex,

Welcome to the MalWare Removal forums! Sorry for the delay in getting a reply. I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts, and it's important to follow the steps as listed, including re-running scans as listed.
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.


------------------------------------------------------------


Please do this first:
HijackThis is running from a Temp folder. In order to create and keep backups, HijackThis needs to run from inside a folder.
If you have created a shortcut icon on the desktop, delete it now. We will clean out the one in your temp folder later; do not worry about it now.

Re-download HijackThis and save it to your Desktop. Click HERE
  • Double-click on HJTSetup.exe and by default it should install to C:\Program Files\Hijack This
  • Make sure to read the dialogue screen when installing and put a check in the box to create a desktop icon when you get to that prompt screen. This will create a shortcut on your desktop.
  • Follow all the prompts, click Finish, and let the installer start HijackThis.
  • Click the Do a System Scan and Save a Log File option.
  • Notepad will open with the HijackThis log; please post its contents here.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Paste the log in your next reply.

This is important to have done first.

-------------------------------------------------------------

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Note: please uncheck Word Wrap under Format in Notepad.

Post HJT Uninstall list in next reply
--------------------------------------------------------------

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
You must use the Internet Explorer browser for this scan to work, not Mozilla Firefox.

  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------

Please post these in your next reply to this thread:
HJT Uninstall list
Kaspersky online scan results
New HJT log.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
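
An added example (not part of the original posts, and not code from HijackThis or the forum): a small Python parser for the log format posted in this thread. It checks the first thing the helper points out, that HijackThis.exe ran from a Temp folder, and lists the entries the log itself marks `(no file)` or `(file missing)` together with whether the same path also appears under "Running processes". The function names are hypothetical and the sample is a trimmed excerpt of the first log above.

```python
import re
from collections import Counter

# Trimmed excerpt of the first log posted in this thread (lines copied from the post).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:11:04 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)   # also hits LOCALS~1\Temp


def parse_log(text):
    """Split a HijackThis log into version, running processes and coded entries."""
    log = {"version": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Logfile of HijackThis"):
            log["version"] = line.rsplit(" ", 1)[-1]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            log["processes"].append(line)
        else:
            match = ENTRY_RE.match(line)
            if match:
                log["entries"].append((match.group(1), match.group(2)))
    return log


def scanner_ran_from_temp(log):
    """Return the HijackThis.exe path if it ran from a Temp directory, else None."""
    for proc in log["processes"]:
        if proc.lower().endswith("\\hijackthis.exe") and TEMP_RE.search(proc):
            return proc
    return None


def section_counts(log):
    """Number of entries per section code (R0, O4, O23, ...)."""
    return dict(Counter(code for code, _ in log["entries"]))


def absent_target_entries(log):
    """Entries marked '(no file)' / '(file missing)' as (code, path, path_is_running).

    path_is_running is True when the same path is listed under Running
    processes, which means the marker on that line needs a second look.
    """
    running = {p.lower() for p in log["processes"]}
    found = []
    for code, text in log["entries"]:
        if text.endswith("(no file)") or text.endswith("(file missing)"):
            match = PATH_RE.search(text)
            path = match.group(0) if match else None
            found.append((code, path, path is not None and path.lower() in running))
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("HijackThis", parsed["version"], section_counts(parsed))
    temp_path = scanner_ran_from_temp(parsed)
    if temp_path:
        print("Scanner ran from a Temp folder:", temp_path)
    for code, path, is_running in absent_target_entries(parsed):
        note = "but path is in Running processes" if is_running else "no running match"
        print(f"{code}: target reported absent ({note}): {path}")
```
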

Post by Sd-Vortex » April 5th, 2007, 10:32 pm

Logfile of HijackThis v1.99.1
Scan saved at 9:30:13 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe






______________________________________________







ABBYY FineReader 5.0 Sprint Plus
Actiontec Gateway
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
AIM 6.0
AOL Instant Messenger
AppCore
Apple Software Update
ArcSoft Software Suite
AV
BCM V.92 56K Modem
Broadcom Advanced Control Suite
ccCommon
Crusaders of Might and Magic(TM)
Dell Picture Studio - Dell Image Expert
Dell Support
Diablo II
DVDSentry
Easy CD Creator 5 Basic
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Printer Software
EPSON RX500 Reference Guide
EPSON Scan
EPSON Smart Panel
Form Workshop 1200
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
hp deskjet 5600
HP DeskJet 690C Series (Remove only)
Intel(R) Extreme Graphics Driver
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 5
KeySuite (TM)
Linksys Wireless-G PCI Network Adapter with SpeedBooster
LiveUpdate 3.1 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MechWarrior 3
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Outlook Connector
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Morpheus 5.2 (remove only)
Morrowind
Mozilla Firefox (1.5.0.11)
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MUSICMATCH Jukebox
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton WMI Update
OIN
Paint Shop Pro 7
Palm Desktop
PowerDVD
QuickConnect
Quicken 2004
QuickTime
Qwest QuickCare 2.0
Roll
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
SPBBC 32bit
Starcraft
StealthBot v2.6 Revision 3 (remove only)
SwiftSwitch
SymNet
TES Construction Set
Tukati Client:GameZone
Tukati Redistributor:GameZone
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Warcraft II BNE
Westwood Shared Internet Components
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows SR 5.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 2002
WordPerfect Office 2002
World of Warcraft
Xvid 1.1.2 final uninstall






____________________________________




I couldn't install that scanner, it said this
"Please wait to update the virus definitions...
Unknown error detected while checking the license for Kaspersky Online Scanner product."

I tried it again, said the same thing

Post by tim s » April 5th, 2007, 11:02 pm

Hi Sd-Vortex

Is this the link you clicked on? You have to use Internet Explorer, not Mozilla Firefox. Let me know.

http://www.kaspersky.com/downloads/kws/kavwebscan.html

Post by Sd-Vortex » April 5th, 2007, 11:12 pm

Ya, I used that link and yes, I'm using Internet Explorer, but it still gives me that message. Idk what's wrong.

Post by tim s » April 5th, 2007, 11:13 pm

Hi Sd-Vortex

Let's try this one, and let me know if it won't run.

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site, click the "Scan your PC" button. NOTE: If you have a popup blocker enabled, you will have to allow popups here.
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes. You may have to reboot here and start back with step 1. I did.)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.

Post by tim s » April 6th, 2007, 12:32 am

Hi Sd-Vortex,

I have found one of the problems here: OIN. This is in your HJT uninstall list; we will have to take care of this first.
We will have to remove it in a certain order here. Please do the following.

Don't reboot!

Next..........

Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed


The above must be done first, before installing the MVP hosts file, or you will not be able to get the uninstaller downloaded.
------------------------------------------------------------------------------
  • We will have to block the sites it updates from by installing the MVP hosts file.
    • Download hosts.zip from HERE and click Save; on the next screen, on the left side, click on Desktop to download to your desktop.
    • Now right-click on hosts.zip and choose Extract all...
    • Now click the Next button and follow the prompts; it will install itself to the correct location. It will create a folder on your desktop called hosts
    • Now it should display the contents of the folder automatically; if it didn't, you will have to open the hosts folder manually.
    • Double-click on the mvps.bat file; it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink!

Please note that a large HOSTS file (over 135 kb) may slow down the machine. This only occurs in W2K and XP.

To fix this:
Go to Start > Run (type) services.msc > OK
Scroll down to DNS Client, Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and now you can reboot.

If you want to restore MS original hosts file after you're clean.... let me know after I tell you that you are clean.

----------------------------------------------------------------------------------------------------------------


Please do the following:
Here we are going to clean out cookies and temp files from your computer.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here. It will start to download automatically. If asked whether you want to download, let it. Save to your Desktop.
Note: If you get an error page from this link, try again. You will see this message: "Your download of CCleaner will automatically start in 5 seconds. Click here if it does not". Do not wait, go ahead and click on it.
  • Double-click on the file to start the installation of the program.
  • Select your language and click OK, then Next.
  • Follow the prompts to install, then click Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
    • On the Windows tab, under Internet Explorer,
      • All Boxes should have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • On the Windows tab, under Windows Explorer,
      • All Boxes should have a check mark.
    • On the Windows tab, under System,
      • All Boxes should have a check mark.
    • On the Windows tab, under Advanced,
      • NO check marks
  • If you use either the Firefox or Mozilla browsers, the box to put check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked move to next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • You will need to reboot here if not asked to do so.
_______________________________

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Here we are just going to make sure this tool is set up correctly. Do not run a scan yet.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Click on Scanner on the toolbar at top of this screen.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should fit the screen a little better.

  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.

IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button.(3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop. I will need you to post this in your next reply.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

______________________________

Please post:
  • AVG Anti-Spyware log
  • A new HijackThis log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Sd-Vortex » April 6th, 2007, 1:07 am

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.overture.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.com.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.bfast.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.belnk.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.zedo.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[statse.webtrendslive.com/S152628]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[statse.webtrendslive.com/dcs2omr9fpifwznrgv67zf9ub_7p8i]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nate\Cookies\nate@2o7[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nate\Cookies\nate@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nate\Cookies\nate@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Nate\Cookies\nate@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nate\Cookies\nate@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Nate\Cookies\nate@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nate\Cookies\nate@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nate\Cookies\nate@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nate\Cookies\nate@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nate\Cookies\nate@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nate\Cookies\nate@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nate\Cookies\nate@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nate\Cookies\nate@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nate\Cookies\nate@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Cookies\nate@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Nate\Cookies\nate@bfast[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nate\Cookies\nate@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nate\Cookies\nate@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nate\Cookies\nate@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nate\Cookies\nate@casalemedia[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nate\Cookies\nate@cgi-bin[10].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nate\Cookies\nate@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nate\Cookies\nate@cgi-bin[7].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nate\Cookies\nate@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Nate\Cookies\nate@cs.sexcounter[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Nate\Cookies\nate@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Cookies\nate@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nate\Cookies\nate@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nate\Cookies\nate@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Nate\Cookies\nate@entrepreneur[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Nate\Cookies\nate@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nate\Cookies\nate@fastclick[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Nate\Cookies\nate@go.winantispyware[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nate\Cookies\nate@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nate\Cookies\nate@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nate\Cookies\nate@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nate\Cookies\nate@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Nate\Cookies\nate@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nate\Cookies\nate@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nate\Cookies\nate@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nate\Cookies\nate@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Nate\Cookies\nate@sexlist[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nate\Cookies\nate@statcounter[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nate\Cookies\nate@stats.drivecleaner[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nate\Cookies\nate@statse.webtrendslive[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Nate\Cookies\nate@target[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Nate\Cookies\nate@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nate\Cookies\nate@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nate\Cookies\nate@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Nate\Cookies\nate@winantispyware[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Nate\Cookies\nate@www.burstbeacon[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nate\Cookies\nate@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Nate\Cookies\nate@www.errorsafe[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nate\Cookies\nate@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nate\Cookies\nate@zedo[2].txt
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\ab1.exe
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@64.62.232[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@dist.belnk[1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@empnads[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@i.screensavers[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@image.checkmystats.com[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\Cookies\nate@webpower[1].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Nate\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\18Wheels_of_Steel-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\AgeOfCastles_Setup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\D2ProphecySetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\RollerCoasterTycoon2-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\WormsArmageddon-dm[1].exe
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Adware:Adware/FlashTrack Not disinfected C:\Program Files\Common Files\Java\xclean.exe
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\NPROTECT\00099352.dat
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\NPROTECT\00099353.DAT
Spyware:Cookie/n-CASE Not disinfected C:\RECYCLER\NPROTECT\00099381.TXT
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00099382.TXT
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00099384.TXT
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00099387.TXT
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00099388.TXT
Adware:adware/downloadware Not disinfected C:\WINDOWS\Digital Signature 20041101.htm
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biN.inf
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\mm20.ocx
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.exe.temp
Adware:adware/startpage.dd Not disinfected C:\WINDOWS\protector.exe
Adware:Adware/Transponder Not disinfected C:\WINDOWS\SYSTEM32\biN.exe
Adware:Adware/Transponder Not disinfected C:\WINDOWS\SYSTEM32\in1bNs.dll
Potentially unwanted tool:Application/PerfectKeylog.AI Not disinfected C:\WINDOWS\SYSTEM32\inst_Eliteclient.exe[rinst.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/WINDOWS/System32/msbe.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/Program Files/BullsEye Network/bin/bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/Program Files/BullsEye Network/bin/adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/Program Files/BullsEye Network/bin/adx.exe]
Virus:Trj/Downloader.CJF Disinfected C:\WINDOWS\SYSTEM32\megaV2wbr.dll
Adware:Adware/RXToolbar Not disinfected C:\WINDOWS\SYSTEM32\RXBarsetupV2.dll
Adware:Adware/Transponder
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am
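The scan report posted above interleaves tracking-cookie entries with a few file detections. As an added example (not part of the thread or of any tool named in it), this Python script parses lines in that `Incident Status Location` layout and separates cookie noise from file detections still marked "Not disinfected"; the function names are hypothetical and the sample lines are copied from the report above.

```python
import re

HEADER = "Incident Status Location"

# Sample lines copied from the scan report in this thread. The last line is
# cut off in the post and is kept that way to exercise the "unparsed" path.
SAMPLE_REPORT = r"""Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\tc7rx989.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nate\Cookies\nate@atdmt[2].txt
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\ab1.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Nate\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
Potentially unwanted tool:Application/PerfectKeylog.AI Not disinfected C:\WINDOWS\SYSTEM32\inst_Eliteclient.exe[rinst.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/WINDOWS/System32/msbe.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\mac80ex.idf[C:/Program Files/BullsEye Network/bin/adv.exe]
Virus:Trj/Downloader.CJF Disinfected C:\WINDOWS\SYSTEM32\megaV2wbr.dll
Adware:Adware/Transponder
"""

# category:name <status> <drive path>. Names and paths may contain spaces,
# so the status keyword is the only reliable column separator.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<location>[A-Za-z]:\\.*)$"
)

# A trailing "[...]" names an item inside a container file (a cookie domain
# inside cookies.txt, a file inside an archive). "[2]" in "nate@atdmt[2].txt"
# is part of the file name and does not end the line, so it is not matched.
MEMBER_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\[\]]*)\]$")


def parse_report(text):
    """Return (findings, unparsed_lines) for a report in the layout above."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == HEADER:
            continue
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(line)  # truncated or unknown line: keep for review
            continue
        finding = match.groupdict()
        member = MEMBER_RE.match(finding["location"])
        finding["file"] = member.group("container") if member else finding["location"]
        finding["member"] = member.group("member") if member else None
        finding["is_cookie"] = finding["name"].lower().startswith("cookie/")
        findings.append(finding)
    return findings, unparsed


def triage(findings):
    """Split findings into cookie noise, handled files and files still present."""
    remaining = {}  # file on disk -> detection names reported for it
    handled = set()
    cookie_entries = 0
    for finding in findings:
        if finding["is_cookie"]:
            cookie_entries += 1
        elif finding["status"] == "Disinfected":
            handled.add(finding["file"])
        else:
            remaining.setdefault(finding["file"], set()).add(finding["name"])
    return {
        "cookie_entries": cookie_entries,
        "handled_files": sorted(handled),
        "remaining_files": {f: sorted(n) for f, n in remaining.items()},
    }


if __name__ == "__main__":
    findings, unparsed = parse_report(SAMPLE_REPORT)
    summary = triage(findings)
    print(f"{summary['cookie_entries']} cookie entries (low priority)")
    print("Already disinfected:")
    for path in summary["handled_files"]:
        print(f"  {path}")
    print("Still present, review first:")
    for path, names in summary["remaining_files"].items():
        print(f"  {path}  <- {', '.join(names)}")
    for line in unparsed:
        print(f"Could not parse (possibly truncated): {line}")
```

Grouping by container file collapses the per-member entries for `mac80ex.idf` into one file to deal with, which keeps the follow-up list short.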

Post by Sd-Vortex » April 6th, 2007, 1:27 am

Okay, I'm confused on this part:
"Select: Manual, click Apply/Ok and now you can reboot."
Do you want me to reboot or are you just saying I can?
And also this part:
"CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner"
What are temporary folders???
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Post by tim s » April 6th, 2007, 10:43 am

Okay, I'm confused on this part:
"Select: Manual, click Apply/Ok and now you can reboot."
Do you want me to reboot or are you just saying I can?
And also this part:


This part is because, if you notice a big slowdown in the way your computer runs, it can be set to Manual, not Automatic.

To fix this:
Go to Start > Run (type) services.msc > OK
Scroll down to DNS Client, Right-click and select: Properties
Click the drop-down arrow for "Startup type" <<<< click the arrow to the far right of the box; you will see 3 choices; choose Manual
Then click the Apply button, then click the OK button, and you will have to restart your computer for the settings to take effect.

If you are still having problems with this part let me know. If it is not slowing your computer down you can skip this part and we can take care of it later when your system is clean. Just let me know.


"CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner"
What are temporary folders???


Temp folder:
In computing, a temporary folder or temporary directory is a directory used to hold temporary files used by applications; they are supposed to empty out on reboot. But that is not always the case: there will be leftovers from other applications and, a lot of the time, bad stuff. So they need to be emptied out manually or with a tool like CCleaner.

So if you did not put something in the Temp folder on purpose, then it needs to be cleaned out. Just run CCleaner the way I had you set it up.

Thanks for asking questions that let me know how things are going.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Sd-Vortex » April 6th, 2007, 5:47 pm

Here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:45:22 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on TOSHIBA] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" /P40 "Auto EPSON Stylus Photo RX500 on TOSHIBA" /O18 "\\TOSHIBA\EPSONSty" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QUICKCARE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)




__________________________________





and here's the AVG Anti-Spyware



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:18 PM 4/6/2007

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212241.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217504.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217504.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mbbi8016.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\biN.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\biN.exe/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tdbN.dll/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tdbN.dll/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\xclean.exe -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Bcpc -> Adware.BroadcastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212401.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\Downloads\18Wheels_of_Steel-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\AgeOfCastles_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\D2ProphecySetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\WormsArmageddon-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Adware.WebSearch : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212400.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212338.exe -> Downloader.Delf.aup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217493.dll -> Dropper.Small.abd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\in1bNs.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217503.dll -> Dropper.Small.op : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0224904.dll -> Dropper.Small.xm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217490.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00099381.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099383.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099385.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099382.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00099388.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00099384.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00099387.TXT -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT\00099386.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Nate\My Documents\download\littlevasa\Here It Is.exe -> Trojan.Multidropper.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212322.exe -> Trojan.Steal : Cleaned with backup (quarantined).


::Report end
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Post by tim s » April 6th, 2007, 6:20 pm

Hello Sd-Vortex

Thanks for posting the log.

Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


I recommend that you remove the Viewpoint products; however, decide for yourself.


Add/Remove Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
You will need to reboot the computer to complete the uninstall.

-------------------------------------------------------------------

Now please do the following.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


------------------------------------------------------------------------

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 6u1
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u 1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start then Control Panel > then Add/Remove Programs and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed to complete uninstall.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.


---------------------------------------------------------------------

Please post these:
SDFix Report.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Sd-Vortex » April 6th, 2007, 8:38 pm

Here's my SDFix log



SDFix: Version 1.77

Run by Nate - Fri 04/06/2007 - 18:46:28.92

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Nate\Desktop\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\4BSPEZOF\LINKSY~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\4BSPEZOF\POC30D~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\4BSPEZOF\POPSET~4.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\OT2JQP0H\GEMTEK~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\HRLYPN35.EXE - Deleted



ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"="C:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe:*:Enabled:Warcraft II Battle.net Edition"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Tukati\\Redistributor\\4\\TukatiRedistributor.exe"="C:\\Program Files\\Tukati\\Redistributor\\4\\TukatiRedistributor.exe:*:Disabled:Redistributor DLL Wrapper"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"="C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe:*:Enabled:rct"
"C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE:*:Enabled:LiveUpdate Engine COM Module"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Westwood\\SUN\\GAME.ICD"="C:\\Westwood\\SUN\\GAME.ICD:*:Disabled:Main executable for Tiberian Sun"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\Common Files\\aol\\1137648944\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\aol\\1137648944\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\UA100.exe"="C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\UA100.exe:*:Disabled:PerfectExpert"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Disabled:Starcraft"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\aol\\1137648944\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\aol\\1137648944\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Nate\Desktop\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\msbb.exe.temp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Program Files\InterActual\InterActual Player\iti27A.tmp

Finished





______________________________________




and here's a new HijackThis log






Logfile of HijackThis v1.99.1
Scan saved at 7:36:15 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on TOSHIBA] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" /P40 "Auto EPSON Stylus Photo RX500 on TOSHIBA" /O18 "\\TOSHIBA\EPSONSty" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QUICKCARE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)



_________________________________________________




Okay, I installed the new Java and I have a question: all these scanners that I'm downloading, will I be able to uninstall them at the end of this? Or should I just keep them?
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Post by tim s » April 6th, 2007, 9:34 pm

Hello Sd-Vortex,


Okay, I installed the new Java and I have a question: all these scanners that I'm downloading, will I be able to uninstall them at the end of this? Or should I just keep them?


I always wait until I get the system clean, then I will let you know what you need to delete that is no longer needed. I will post information when your system is clean on what you may want to keep.

I need to know if you decided to keep Viewpoint Manager, so I will know if I need to not include it in the next removal fix I am preparing for you.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am