What the Tech forums: free help with removing malicious software (malware) and other tech questions
> [Closed] "not-a-virus;AdWare.Win32.E404.ik", Pesky virus downloaded by my son
sgent67
post Oct 9 2008, 04:21 PM
Post #1
Operating System: Windows XP
My son recently downloaded a virus on my PC. The virus was disguised as free anti-virus software, and I now get constant pop-ups asking me to download anti-virus programs. My web explorer home page has been hijacked, and I have located the virus on my C drive, but am unable to delete it. The following file appears to have a non-deletable virus in it: C:\WINDOWS\system32\768890\768890.dll

I downloaded HijackThis as a last attempt to rid my PC of this problem, but do not know where to go from here. This is causing numerous problems with work I do from home, and for my daughters when they are doing their schoolwork. Help would be greatly appreciated! Below is the start-up log I ran from HijackThis:

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Common Files\AOL\1144372511\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
AlwaysReady Power Message APP = ARPWRMSG.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
RTHDCPL = RTHDCPL.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PCDrProfiler =
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HostManager = C:\Program Files\Common Files\AOL\1144372511\ee\AOLSoftware.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
nmapp = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
Easy Synchronization = C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Bluetooth Connection Assistant = LBTWIZ.EXE -silent
ALCMTR = ALCMTR.EXE
hpsysdrv = c:\windows\system\hpsysdrv.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ANTIVIRUS = C:\Program Files\MSX\MSx.exe
AVP = "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
4389d48a = rundll32.exe "C:\WINDOWS\system32\jimuxbtr.dll",b
BM40bae716 = Rundll32.exe "C:\WINDOWS\system32\jrmwmrdj.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

Easy Synchronization = C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
ANTIVIRUS = C:\Program Files\MSX\MSx.exe
wblogon = C:\WINDOWS\system32\algg.exe
AOL Fast Start = "C:\Program Files\America Online 9.0\AOL.EXE" -b
AdobeUpdater = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
*No values found*

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=auwaak.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[ScrabbleCubes Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SCRABB~1.OCX
CODEBASE = http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab

[SpinTop DRM Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\stg_drm.ocx
CODEBASE = file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab

[{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}]
CODEBASE = http://pictures.aol.com/ap/Resources/2.0.3...ns.10.4.0.3.cab

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www2.snapfish.com/SnapfishActivia.cab

[PowerLoader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PowerLoader.dll
CODEBASE = http://powerchallenge.com/applet/PowerLoader.cab

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftu...b?1186660668937

[SecureLogin class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\securelogin.ocx
CODEBASE = http://secure2.comned.com/signuptemplates/...login-devel.cab

[Yahoo! Webcam Upload Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yuplapp.dll
CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab

[NeffyLauncherCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NeffyLauncher.dll
CODEBASE = http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab

[ArmHelper Control]
InProcServer32 = ./Images/armhelper.ocx
CODEBASE = file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

[InstantAction Game Launcher]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\iaplayer.dll
CODEBASE = http://www.instantaction.com/download/iaplayer.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

smile = C:\Program Files\Applications\wcs.exe

--------------------------------------------------

End of report, 11,534 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
LDTate
post Oct 9 2008, 04:41 PM
Post #2
I need to see the full HijackThis log now, including the top and bottom.

Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, click Edit > Select All > Edit > Copy, and paste its contents here.
sgent67
post Oct 9 2008, 04:48 PM
Post #3
Logfile of HijackThis v1.99.1
Scan saved at 6:45:10 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Common Files\AOL\1144372511\ee\AOLSoftware.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...amp;c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qwertypages.com/?cm=811173&...%2001%3A53%3A06&dt=2008-10-06%2000%3A00%3A34&q=http://www.aol.com/puccini/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144372511\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\Run: [4389d48a] rundll32.exe "C:\WINDOWS\system32\jimuxbtr.dll",b
O4 - HKLM\..\Run: [BM40bae716] Rundll32.exe "C:\WINDOWS\system32\jrmwmrdj.dll",s
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...ml?p=ZJxdm189YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...ei-3/ZwinkyInitialSetup1.0.1.0.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - http://pictures.aol.com/ap/Resources/2.0.3...lugins.10.4.0.3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...cture_Control_v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...trols/en/x86/client/muweb_site.cab?1186660668937
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\PROGRA~1\COMMON~1\G7PS\SHARED~1\G7PSDLL\G7PS.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - AppInit_DLLs: ogzrji.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe

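The helper reads a log like the one above by eye; as an added example (not code from this thread, from HijackThis, or from the forum), here is a small Python triage script that parses the HijackThis line formats shown (R0/R1, O4, O20, O23) and produces a review list for the patterns present in this log: search/start-page values pointing at a host outside an assumed allow-list, Run values named like hex strings that load a DLL through rundll32, the same command registered under both HKLM and HKCU Run, a non-empty AppInit_DLLs, and services whose binary is reported missing. The sample lines are copied from the log above; the allow-list and the rules are assumptions chosen for this log, not HijackThis logic, and the output is a list for a human to review, not an automatic removal.

```python
"""Triage helper for HijackThis log lines (added example, not code from the thread)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed input: lines copied from the log posted in this thread, chosen so
# that every rule below fires once and a legitimate entry in each section passes.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\Run: [4389d48a] rundll32.exe "C:\WINDOWS\system32\jimuxbtr.dll",b
O4 - HKLM\..\Run: [BM40bae716] Rundll32.exe "C:\WINDOWS\system32\jrmwmrdj.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O20 - AppInit_DLLs: ogzrji.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" -r (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section prefix: R, O4, O20 or O23
    reason: str   # why a human should look at this line
    line: str     # the log line itself


# Assumed allow-list of hosts that IE search/start-page values may point at on
# this HP/AOL-era XP box; anything else is flagged, which is how windiwsfsearch.com shows up.
KNOWN_HOSTS = {"go.microsoft.com", "www.microsoft.com", "ie.redirect.hp.com", "www.aol.com"}

R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<url>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'(?i)^rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?,')
# Run value names such as 4389d48a or BM40bae716: hex noise rather than a product name.
HEX_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")


def triage(log_text: str) -> list[Finding]:
    """Return review items for the suspicious patterns seen in this thread's log."""
    findings: list[Finding] = []
    run_entries: dict[str, list[tuple[str, str]]] = defaultdict(list)  # cmd -> [(hive, line)]
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := R_RE.match(line):
            host = urlparse(m["url"]).hostname
            if host and host not in KNOWN_HOSTS:
                findings.append(Finding("R", f"IE {m['name'].strip()} points at unlisted host {host}", line))
        elif m := O4_RE.match(line):
            run_entries[m["cmd"].lower()].append((m["hive"], line))
            d = RUNDLL_RE.match(m["cmd"])
            if d and HEX_NAME_RE.match(m["name"]):
                dll = d["dll"].rsplit("\\", 1)[-1]
                findings.append(Finding("O4", f"rundll32 loads {dll} from a Run value named like a hex string", line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].strip()
            if dlls:  # empty on a clean XP box; anything here is loaded into every user32 process
                findings.append(Finding("O20", f"AppInit_DLLs set to {dlls}", line))
        elif line.startswith("O23 - ") and line.endswith("(file missing)"):
            findings.append(Finding("O23", "service binary missing: stale or damaged service entry", line))
    # The rogue "ANTIVIRUS" entry in this log sits under both HKLM and HKCU Run;
    # legitimate software rarely needs both, so duplicates get a review item.
    for cmd, entries in run_entries.items():
        hives = sorted({hive for hive, _ in entries})
        if len(hives) > 1:
            findings.append(Finding("O4", f"same command under {', '.join(hives)} Run keys: {cmd}", entries[0][1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above the script reports six items: the SearchURL hijack, the two hex-named rundll32 entries, the duplicated ANTIVIRUS command, the AppInit_DLLs value and the missing AVP service binary, while NvCplDaemon, ctfmon.exe and the NVIDIA service pass.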
LDTate
post Oct 9 2008, 04:50 PM
Post #4
Open Notepad, click on Format and uncheck Word Wrap.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser, click No at the prompt to keep saved passwords.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
LDTate
post Oct 16 2008, 05:45 PM
Post #5
Due to inactivity this topic will be closed.
If you need help, please start a new thread and post a new HJT log.