
Pop up ADS and Homepage change


  • This topic is locked
26 replies to this topic

#1 cskelly

Posted 10 December 2005 - 02:29 AM

Ads when I open IE. I plan to use Mozilla more but still want this fixed. I have run Ad-Aware SE several times, as well as Microsoft's spyware. Ran Symantec virus scan and Trend Micro's "HouseCall." I'm in the process of running "The Cleaner 4.1 pro" as well as RegCleaner4.3.

This is my log after a fresh restart, nothing enabled in msconfig:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:20 AM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

Edited by cskelly, 10 December 2005 - 03:05 AM.


#2 cskelly

Posted 10 December 2005 - 03:04 AM

This is a log with "Normal Restart", nothing disabled in msconfig:

Logfile of HijackThis v1.99.1
Scan saved at 1:03:23 AM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\timessquare.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\The Cleaner\tca.exe
C:\PROGRA~1\COMMON~1\uqrf\uqrfm.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\COMMON~1\uqrf\uqrfa.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKCU\..\Run: [uqrf] C:\PROGRA~1\COMMON~1\uqrf\uqrfm.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#3 LDTate

Posted 10 December 2005 - 07:33 AM

Hello cskelly, Welcome to the forum.

This is what I suggest you do.


Please do not delete anything unless instructed to.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries, "BLACK" entries and "GREEN" entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom

 


#4 cskelly

Posted 10 December 2005 - 02:41 PM

I am going to run all of what you said and I hope it fixes this problem too: When I load into ANY safe mode (with prompt, with network) it just reboots within a few seconds. I access it by using F8, select the mode, hit Enter. It loads fine. I select admin, it goes into the screen where there is a msg. I hit OK on that msg. It goes to the desktop and then reboots (not always the same place, just in an amount of time. If I waited, it would reboot at "select profile"). Any idea?

UPDATE: Ran SpyBot and Ad-Aware. SpyBot found a few things and removed all but 2: Command Services. It says it cannot remove them and to try rebooting to run it. So I did, still no luck. Like I said, I cannot stay in Safe Mode long enough to do anything. And I need that fixed so I can continue!

Edited by cskelly, 10 December 2005 - 03:16 PM.


#5 cskelly

Posted 10 December 2005 - 03:34 PM

Ran the Ewido Scan: Here is the Report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:32:38 PM, 12/10/2005
+ Report-Checksum: 34BB65AC

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\contextplus.exe -> Trojan.Crypt.t : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Cole\Application Data\Mozilla\Firefox\Profiles\rnx6aavx.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@e-2dj6wjnysmdjefq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cole\Cookies\cole@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Cole\My Documents\download\bf2offthehook\backups\backup-20051209-231726-361.dll -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Cole\My Documents\download\bf2offthehook\backups\backup-20051209-231807-890.dll -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Cole\My Documents\download\bf2offthehook\backups\backup-20051209-232218-639.dll -> Spyware.Suggestor : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.ri : Cleaned with backup
C:\inrh9400.exe -> Downloader.Small.bke : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\Program Files\Common Files\uqrf\uqrfa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\uqrf\uqrfd\uqrfc.dll -> Downloader.Small : Cleaned with backup
C:\Program Files\Common Files\uqrf\uqrfl.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\uqrf\uqrfm.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Common Files\uqrf\uqrfp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\QL\qlink32.dll -> Spyware.Suggestor : Cleaned with backup
C:\Program Files\QL\uninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINDOWS\timessquare.exe -> Hijacker.StartPage.aw : Cleaned with backup

::Report End

#6 cskelly

Posted 10 December 2005 - 03:35 PM

HJT Log: No Services (other than microsoft) and No applications to boot up under msconfig

Logfile of HijackThis v1.99.1
Scan saved at 1:34:34 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

#7 LDTate

Posted 10 December 2005 - 03:49 PM

Is this log in Normal Mode? If not, please reboot into normal mode and post a new HJT log please.



#8 cskelly

Posted 10 December 2005 - 04:05 PM

Still can not remove 2 entries under SPYBOT S&D: Command Services - Registry Key


Logfile of HijackThis v1.99.1
Scan saved at 2:04:15 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [uqrf] C:\PROGRA~1\COMMON~1\uqrf\uqrfm.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 December 2005 - 04:31 PM

I suggest you do this:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Use Add/Remove Programs and remove, if listed:
Viewpoint Manager


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe

O4 - HKCU\..\Run: [uqrf] C:\PROGRA~1\COMMON~1\uqrf\uqrfm.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Close ALL windows and browsers except HijackThis and click "Fix checked"



Delete these folders if listed:
C:\PROGRAM FILES\COMMON FILES\uqrf


delete these files if listed:
C:\windows\timessquare.exe
C:\WINDOWS\system32\sw20.exe
C:\WINDOWS\system32\igps.exe
c:\windows\adtech2006.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

Edited by LDTate, 10 December 2005 - 04:31 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#10 cskelly

cskelly

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 10 December 2005 - 04:57 PM

Still can't delete some of the Command Services. Only 1 or 2 popups now.

Logfile of HijackThis v1.99.1
Scan saved at 2:55:51 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
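
A check a helper can run on the two logs in this thread, as an added example that is not part of the original posts: it parses HijackThis entry lines and confirms that every entry ticked for "Fix checked" is gone from the follow-up log. The function names are choices made for this illustration, and the embedded excerpts are a subset of the thread's logs, not the full logs.

```python
import re

# HijackThis entry lines have the shape "<section code> - <details>",
# where the code is a letter (R, F, N, O) followed by a number.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, details) entries in a HijackThis log.

    Details are lower-cased and whitespace-collapsed so that the same entry
    pasted with different spacing or path case still compares equal.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), " ".join(m.group(2).lower().split())))
    return entries

def still_present(checked_text, after_log):
    """Entries that were ticked for "Fix checked" but survive in the new log."""
    return sorted(parse_entries(checked_text) & parse_entries(after_log))

def removed(before_log, after_log):
    """Entries in the earlier log that are gone from the later one."""
    return sorted(parse_entries(before_log) - parse_entries(after_log))

# Excerpts copied from the logs in this thread (a subset, not the full logs).
CHECKED = r"""
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
O4 - HKCU\..\Run: [uqrf] C:\PROGRA~1\COMMON~1\uqrf\uqrfm.exe
"""
BEFORE = CHECKED + r"""
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

if __name__ == "__main__":
    print("still present:", still_present(CHECKED, AFTER))
    for code, details in removed(BEFORE, AFTER):
        print("removed:", code, details)
```

An empty "still present" list only shows that the autorun entries are gone from the log; leftover files and service keys, such as the cmdService key discussed later in the thread, need their own check.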



#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 December 2005 - 05:00 PM

Still can't delete some of the Command Services.

Does it show what files they are?
Can you post exactly what it shows?



#12 cskelly

cskelly

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 10 December 2005 - 05:06 PM

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService

MediaPlex: Tracking cookie (Internet Explorer: Cole) (Cookie, fixed)

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 December 2005 - 05:17 PM

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService

You need to change permissions for those:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services <--Right click and select Permissions. You want to highlight your user name and put a check in Full Control.

Same with this one.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services

Now try to delete them:



#14 cskelly

cskelly

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 10 December 2005 - 05:23 PM

Says it may be in use (in memory)

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 December 2005 - 05:25 PM

Restart your computer in Safe Mode. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter. Now try it.

