Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

General computer lag

Started by Hippiedude , Apr 15 2006 03:03 PM

  • This topic is locked This topic is locked
11 replies to this topic

#1 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 15 April 2006 - 03:03 PM

My computer has just been going slower than normal lately.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:48 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BDX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDX.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JVIEUIEGM - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JVIEUIEGM.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe


Thanks

    Advertisements

Register to Remove

#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 April 2006 - 10:13 PM

Hippiedude,

Welcome to the forum.

Download and install Ewido Anti-Malware
Ewido Anti-Malware
* When installing, under Additional Options uncheck
* Install background guard
* Install scan via context menu
* Launch Ewido, there should be an icon on your desktop.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Dont run it yet


Now reboot into Safemode

* Go to Start> Shut off Your Computer> Restart
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to Safemode
* Then press the Enter Key on your Keyboard


Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.


Reboot normally and lets run this cleaner.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Select files to Delete ---> Select All
Click the Empty Selected button.


Post back with the Ewido Report and a new HJT log

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 22 April 2006 - 12:37 AM

Starting that right now.

#4 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 22 April 2006 - 02:20 AM

Alright, Here's the ewido log.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:54:04 AM, 4/22/2006
+ Report-Checksum: 98B973AD

+ Scan result:

:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d992pe9s.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\netdevil.zip/Edit-server.exe -> Backdoor.NetDevil.15 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\netdevil.zip/Net-Devil.exe -> Backdoor.NetDevil.15 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\netdevil.zip/Server.exe -> Backdoor.NetDevil.15 : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\system32\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\WINDOWS\system32\h0f4.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\system32\pu852.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\system32\w9l.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\system32\winlogi.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\WINDOWS\w9l.sys -> Trojan.Kolweb.g : Cleaned with backup


::Report End




And the new HiJack this log.

Logfile of HijackThis v1.99.1
Scan saved at 4:11:42 AM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BDX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDX.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Administrator\My Documents\dominics stuff\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JVIEUIEGM - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JVIEUIEGM.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

#5 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 April 2006 - 08:11 AM

Hippiedude,

You may have two bad running services that are the root of your problem, but before we remove them we need to be 100% sure so as not to disrupt your system for functioning normally. They are both running out of a temp directory which is not a good sign.



* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean



C:\Documents and Settings\Administrator\Local Settings\Temp\BDX.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\JVIEUIEGM.exe



What I need you to do is upload each of these files to the sites I have listed, you use the browse feature so follow the path in the quotes , the files we are looking at are BDX.EXE and JVIEUIEGM.EXE. They will let you save the report, post them back here when done and if they come up bad we can remove them

http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html


Ken

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#6 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 22 April 2006 - 03:40 PM

=/ There seems to be a problem.

I can't find either of those files in the directory you listed.



edit/illukka:
double post removed

Edited by illukka, 22 April 2006 - 03:46 PM.

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 April 2006 - 04:54 PM

Not to worry, lets do this.


Open HJT Scan Only, close your browser and all open windows, check these two entries and click on Fix Checked.

O23 - Service: BDX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDX.exe (file missing)
O23 - Service: JVIEUIEGM - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JVIEUIEGM.exe (file missing)




Open HJT > Misc Tools > Delete an NT Service
* Type in BDX
* Then click on OK, it will ask you to reboot, do so.




Open HJT > Misc Tools > Delete an NT Service
* Type in JVIEUIEGM
* Then click on OK, it will ask you to reboot, do so.


Post a new HJT log and hopefully it will be gone. Let me know how your system is running now.


Ken

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 22 April 2006 - 06:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:15:40 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Documents and Settings\Administrator\My Documents\dominics stuff\RAR files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Administrator\My Documents\dominics stuff\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe




It seems to be running fine now.

#9 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 April 2006 - 07:18 PM

Hippiedude,


Those bad services are gone. :thumbup:


msgplus.exe is distributed as a third party MSN extension. However is also spyware if installed with the sponsor program it offers to install. If this optional sponsor program was installed, this process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. Please see additional details regarding this process.



C:\Program Files\MessengerPlus! 3\MsgPlus.exe
If you did not read the EULA when you installed this program, it may have spyware installed along with it. What I suggest you do is go to the Add-Remove Programs in the Control Panel and uninstall this program. Then if you want to use it, redownload it and when you install it, uncheck any third party add-ons.



C:\Program Files\Viewpoint\Viewpoint Manager
This program is not malicious but was installed without your knowledge or consent. Remove it also and then after uninstalling both programs, remove the entries with HJT.

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe





Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

Be sure to follow the instructions for System Restore because everything we removed is backed up in that program and if you ever use it to revert your system to an earlier date, you can reinfect your self all over again.


Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes
Tutorial for CCleaner


Now that your clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Every User on this Computer Local Settings
and delete all the contents of the Temp Folder and the Temporary Internet Files Folder <--Just the contents, not the folder itself.

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder <-- But not the temp folder itself.

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder. <--But not the Prefetch folder itself.


NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* ClickProperties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember, You will have to be in Catagory View to see this

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once aweek.

* Here are Free Anti-Virus Programs if you need one. Just install one because with AV software...MORE IS NOT BETTER.

AVG Free Edition
AntVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE- Spyad IE-Spyad places over 4000 web sites and domains
in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed,
although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use
them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this
for awhile, you will want to make it your default.

* Thunderbird Mail There companion mail program was highly favored in PCWorld Magazine,
this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.


Glad things are better, thanks for stopping by Tom Coyote, I will leave this thread open for you for a few days in case you have any other issues.

Safe Surfin,

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#10 Hippiedude

Hippiedude

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 22 April 2006 - 08:36 PM

Thanks a lot man.

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 April 2006 - 09:17 PM

your very welcome, Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 May 2006 - 08:27 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·