please help, antispylab and others infecting my cpu


  • This topic is locked
13 replies to this topic

#1 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 16 May 2006 - 03:24 PM

please help, my cpu is infected with antispylab and others, i can't do anything with it as, as soon as windows starts up i get a win32 startup error and none of the objects in the tray at the bottom show. then giant antispyware keeps detecting a transponder.DLMax and asks to remove, but as soon as it removes it, giant antispyware pops up again with the exact same error..... and then i get a windows security error which keeps popping up and taking me to antispylab.com. i can't surf the web on it, because as soon as i go to change the page it says that there is an error and takes me back to antispylab.com. i also keep getting a frequent popup message saying something like lsas error computer shutting down in 59sec.... then it counts down and when it gets to 40 it stops and another error pops up, saying lsas. i have tried to enter regedit but when i open it, the box turns a yellow color and i can't click on anything, all i can do is resize the columns.

just so u know, giant antispyware keeps finding lots of spyware and trojans, but as soon as it deletes them, they just seem to respawn.

i've had to send this hijackThis file from my laptop as the computer the hijack file is from is a complete mess.....

please...please.. help

<---hijackThis follows---->


Logfile of HijackThis v1.99.1
Scan saved at 21:57:29, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winsrv32.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\repigsp.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Administrator\My Documents\dan\virus removal\HijackThis.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{F8C3A0A3-F439-49DB-8057-371F752847AD}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

<----end----->


thanx, 4 lookin and please try to help


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 May 2006 - 03:46 PM

Hello d3ell, welcome to the TC Forums. Do you have a printer on your laptop?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 16 May 2006 - 04:03 PM

no, sorry... printer broken

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 May 2006 - 04:03 PM

Did you add these two lines to your Trusted Zones?
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)

O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe

O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{F8C3A0A3-F439-49DB-8057-371F752847AD}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
gcasDtServ.exe
C:\WINDOWS\system32\winsrv32.exe
C:\WINDOWS\system32\repigsp.exe
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\runsrv32.exe



1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.


#5 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 16 May 2006 - 04:41 PM

o.k then, done as you said, ticked all the boxes, closed all other pages and clicked fix now, i have also done the disk cleanup. but i cannot delete the files that you have listed as it says 'cannot delete (filename): access is denied make sure the file is not write protected or in use.' am i trying to delete these right?? i just searched through the explorer till i found them then tried to right click and delete. i also tried to delete them through taskmanager, but when i open the task manager window it won't let me click on anything apart from the X in the top right corner.

before shutdown computer still had the pop ups from antispylab which said system32/lsass error. and also had a big banner pop up saying computer infected, which then takes you to antispylab.
upon restarting the cpu i'm getting this

16 bit MS-DOS Subsystem
C:\WINDOWS\System32\runsrv.exe\
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. This file is not suitable for running MS-DOS and microsoft windows applications choose 'close' to terminate the application


i'm still getting the giant antispyware pop up saying warning transponder.DLMax spyware is trying to install, and i just got a pop up from the antispylab saying something about creditcard fraud detected


hope that helps....

<-----hijackThis log follows------>

Logfile of HijackThis v1.99.1
Scan saved at 23:32:58, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\winsrv32.exe
C:\Documents and Settings\Administrator\My Documents\dan\virus removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

<--end--->
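Added example, not part of the original thread: a Python check of which HijackThis entries ticked for "Fix checked" in post #4 are still present in the follow-up log from post #5. The sample lines are excerpted from the logs in this thread; the function names and status labels are assumptions of this example.

```python
import re
from collections import Counter

# Entries ticked for "Fix checked" in post #4 (excerpt copied from this thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
"""

# Excerpt of the follow-up log from post #5, taken after the reboot.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winsrv32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, body) pairs, skipping the header and the process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def identity(entry):
    """Key that ignores the CLSID, so a re-registered object still matches.

    Entries shown as "(no name)" have nothing but the CLSID to identify
    them, so they get no CLSID-independent key and must match exactly.
    """
    code, body = entry
    if not CLSID_RE.search(body) or "(no name)" in body:
        return None
    return code, CLSID_RE.sub("{CLSID}", body).lower()


def classify_fixes(fix_list_text, after_log_text):
    """Map each fixed entry to 'removed', 'persisted' or a CLSID change."""
    after = parse_entries(after_log_text)
    exact = {(code, body.lower()) for code, body in after}
    identities = {identity(e) for e in after} - {None}
    results = {}
    for entry in parse_entries(fix_list_text):
        code, body = entry
        key = identity(entry)
        if (code, body.lower()) in exact:
            status = "persisted"
        elif key is not None and key in identities:
            status = "same name and file, new CLSID"
        else:
            status = "removed"
        results[f"{code} - {body}"] = status
    return results


def summarize(results):
    """Count how many fixed entries ended up in each status."""
    return Counter(results.values())


if __name__ == "__main__":
    outcome = classify_fixes(FIX_LIST, LOG_AFTER)
    for line, status in outcome.items():
        print(f"{status:32} {line}")
    print(dict(summarize(outcome)))
```

Entries reported as persisted or as returning under a new CLSID indicate that something still running is rewriting the registry, which fits the "access is denied" result when trying to delete the files.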

#6 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 16 May 2006 - 04:43 PM

oh and yes i do believe that i added them two things to my trusted zones.. i think they are for my guitar software. thanx

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 May 2006 - 04:46 PM

See if you can get it to stay on the internet to download Spy Sweeper.


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#8 d3ell

Posted 16 May 2006 - 06:49 PM

Hello, that took a while!!!

Anyway, upon restart after doing the things you said, signs are looking good, as I haven't had any pop-ups yet! Although I did still get this error:

16 bit MS-DOS Subsystem
C:\WINDOWS\System32\runsrv.exe\
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. This file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

But apart from that, things seem OK up to press.

Is that Spy Sweeper a program worth actually buying, and are there any other good programs you can recommend so that this won't happen again???

<----here is the sweeper log file------>

********
23:53: | Start of Session, 16 May 2006 |
23:53: Spy Sweeper started
23:53: Sweep initiated using definitions version 678
23:53: Starting Memory Sweep
23:54: Found Adware: spysheriff fakealert
23:54: Detected running threat: C:\WINDOWS\system32\repigsp.exe (ID = 291520)
23:54: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
23:54: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:56: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:57: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
23:58: Found Adware: adwaresheriff fakealert
23:58: Detected running threat: C:\WINDOWS\system32\winsrv32.exe (ID = 291521)
23:58: Memory Sweep Complete, Elapsed Time: 00:04:53
23:58: Starting Registry Sweep
23:58: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:58: Found Adware: blazefind
23:58: HKCR\bridge.brdg\ (1 subtraces) (ID = 104437)
23:58: HKCR\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104449)
23:58: HKCR\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104459)
23:58: HKCR\jao.jao\ (1 subtraces) (ID = 104463)
23:58: HKLM\software\classes\bridge.brdg\ (1 subtraces) (ID = 104468)
23:58: HKLM\software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104482)
23:58: HKLM\software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104491)
23:58: HKLM\software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104501)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\ (1 subtraces) (ID = 104519)
23:58: HKLM\software\microsoft\windows\currentversion\uninstall\bridge\ (1 subtraces) (ID = 104547)
23:58: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
23:58: HKCR\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104567)
23:58: Found Adware: daily toolbar
23:58: HKCR\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124556)
23:58: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124557)
23:58: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124560)
23:58: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124561)
23:58: HKCR\dailytoolbar.ieband\ (1 subtraces) (ID = 124562)
23:58: HKCR\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124564)
23:58: HKCR\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124565)
23:58: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124566)
23:58: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124567)
23:58: HKLM\software\classes\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124576)
23:58: HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124577)
23:58: HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124587)
23:58: HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124588)
23:58: HKLM\software\classes\dailytoolbar.ieband\ (1 subtraces) (ID = 124590)
23:58: HKLM\software\classes\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124592)
23:58: HKLM\software\classes\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124593)
23:58: HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124594)
23:58: HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124595)
23:58: HKLM\software\dailytoolbar\ (1 subtraces) (ID = 124601)
23:58: HKLM\software\nix solutions\dailytoolbar\ (1 subtraces) (ID = 124641)
23:58: Found Adware: elitebar
23:58: HKCR\interface\{a74cd7de-ea6f-11d4-abf3-000102378429}\ (8 subtraces) (ID = 125700)
23:58: HKLM\software\classes\interface\{a74cd7de-ea6f-11d4-abf3-000102378429}\ (8 subtraces) (ID = 125730)
23:58: HKLM\software\classes\typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}\ (9 subtraces) (ID = 125738)
23:58: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/v3.dll\ (2 subtraces) (ID = 125753)
23:58: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\v3.dll (ID = 125764)
23:58: HKCR\typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}\ (9 subtraces) (ID = 125773)
23:58: Found Adware: purityscan
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
23:58: Found Adware: tubby toolbar
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
23:58: Found Trojan Horse: trojan-downloader-wstart
23:58: HKCR\appid\wstart.dll\ (1 subtraces) (ID = 144900)
23:58: HKCR\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144901)
23:58: HKCR\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144902)
23:58: HKLM\software\classes\appid\wstart.dll\ (1 subtraces) (ID = 144903)
23:58: HKLM\software\classes\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144904)
23:58: HKLM\software\classes\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144905)
23:58: HKLM\software\classes\wstart.whttphelper.1\ (1 subtraces) (ID = 144906)
23:58: HKLM\software\classes\wstart.whttphelper\ (1 subtraces) (ID = 144907)
23:58: HKLM\software\wsoft\ (1 subtraces) (ID = 144909)
23:58: HKCR\wstart.whttphelper.1\ (1 subtraces) (ID = 144910)
23:58: HKCR\wstart.whttphelper\ (1 subtraces) (ID = 144911)
23:58: Found Adware: directrevenue-abetterinternet
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}\ (1 subtraces) (ID = 145925)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}\ (1 subtraces) (ID = 145927)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ (1 subtraces) (ID = 145940)
23:58: HKLM\software\respondmiter\ (1 subtraces) (ID = 146128)
23:58: Found Adware: winad
23:58: HKLM\software\classes\winadtoolsx.installer\ (3 subtraces) (ID = 147179)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
23:58: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
23:58: HKCR\winadtoolsx.installer\ (3 subtraces) (ID = 147247)
23:58: HKCR\typelib\{31f9b5a7-5b94-445d-922c-e97bf52f5fd7}\ (9 subtraces) (ID = 1338574)
23:58: HKLM\software\classes\typelib\{31f9b5a7-5b94-445d-922c-e97bf52f5fd7}\ (9 subtraces) (ID = 1338597)
23:58: Found Adware: clickpix toolbar
23:58: HKU\S-1-5-21-263134199-781593064-165888979-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {cc8c8f4f-f2e8-404b-a43d-5cc57876a008} (ID = 105875)
23:58: Found System Monitor: sc-keylog
23:58: HKU\S-1-5-21-263134199-781593064-165888979-500\software\classes\applications\main.exe\ (4 subtraces) (ID = 762247)
23:58: Registry Sweep Complete, Elapsed Time:00:00:20
23:58: Starting Cookie Sweep
23:58: Found Spy Cookie: sandboxer cookie
23:58: administrator@0[3].txt (ID = 3282)
23:58: Found Spy Cookie: 247realmedia cookie
23:58: administrator@247realmedia[1].txt (ID = 1953)
23:58: Found Spy Cookie: aa cookie
23:58: administrator@aa[2].txt (ID = 2029)
23:58: Found Spy Cookie: yieldmanager cookie
23:58: administrator@ad.yieldmanager[1].txt (ID = 3751)
23:58: Found Spy Cookie: adtech cookie
23:58: administrator@adtech[2].txt (ID = 2155)
23:58: Found Spy Cookie: ask cookie
23:58: administrator@ask[2].txt (ID = 2245)
23:58: Found Spy Cookie: a cookie
23:58: administrator@a[1].txt (ID = 2027)
23:58: Found Spy Cookie: clickbank cookie
23:58: administrator@clickbank[2].txt (ID = 2398)
23:58: Found Spy Cookie: webtrends cookie
23:58: administrator@m.webtrends[1].txt (ID = 3669)
23:58: Found Spy Cookie: 2o7.net cookie
23:58: administrator@premiumtv.122.2o7[1].txt (ID = 1958)
23:58: Found Spy Cookie: realmedia cookie
23:58: administrator@realmedia[2].txt (ID = 3235)
23:58: Found Spy Cookie: statcounter cookie
23:58: administrator@statcounter[1].txt (ID = 3447)
23:58: Found Spy Cookie: toplist cookie
23:58: administrator@toplist[1].txt (ID = 3557)
23:58: Cookie Sweep Complete, Elapsed Time: 00:00:00
23:59: Starting File Sweep
23:59: repigsp.exe (ID = 291520)
00:00: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:02: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:02: backup-20060516-231547-560.dll (ID = 291491)
00:04: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:05: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:06: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:08: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:10: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:12: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:12: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:13: thnall1z.exe (ID = 154509)
00:14: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:16: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:18: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:20: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:20: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:22: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:24: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:26: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:27: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:28: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:28: winbl32.dll (ID = 291520)
00:30: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:32: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:35: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:35: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:37: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:39: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:41: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:42: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:43: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:45: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:47: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:49: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:50: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:51: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:53: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:54: Found Trojan Horse: trojan-downloader-ttub
00:54: lsass.exe (ID = 81008)
00:55: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:57: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:57: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:59: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:01: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:03: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:07: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:07: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:08: rplhquzk.exe (ID = 293508)
01:08: Found Adware: redv network easyinstall
01:08: phqghume.exe (ID = 59429)
01:10: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:12: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:12: winsrv32.exe (ID = 291521)
01:13: Found Trojan Horse: trojan-backdoor-securemulti
01:13: zhopaizdupla.exe (ID = 294001)
01:14: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:17: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:18: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:20: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:21: Warning: Failed to open file "c:\documents and settings\administrator\cookies\administrator@antispylab[2].txt". The system cannot find the file specified
01:22: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:22: osd149f.osd (ID = 60007)
01:22: dlmax.inf (ID = 83266)
01:29: Warning: Unhandled Archive Type
01:29: Warning: Unhandled Archive Type
01:30: Warning: Unhandled Archive Type
01:30: Warning: Unhandled Archive Type
01:31: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:31: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid Stream
01:32: File Sweep Complete, Elapsed Time: 01:33:10
01:32: Full Sweep has completed. Elapsed time 01:38:28
01:32: Traces Found: 207
01:33: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:33: Removal process initiated
01:34: Quarantining All Traces: directrevenue-abetterinternet
01:34: Quarantining All Traces: elitebar
01:34: Quarantining All Traces: purityscan
01:34: Quarantining All Traces: sc-keylog
01:34: Quarantining All Traces: trojan-backdoor-securemulti
01:34: Quarantining All Traces: blazefind
01:34: Quarantining All Traces: daily toolbar
01:34: Quarantining All Traces: trojan-downloader-ttub
01:34: Quarantining All Traces: trojan-downloader-wstart
01:34: Quarantining All Traces: winad
01:34: Quarantining All Traces: clickpix toolbar
01:34: Quarantining All Traces: redv network easyinstall
01:34: Quarantining All Traces: tubby toolbar
01:34: Quarantining All Traces: 247realmedia cookie
01:34: Quarantining All Traces: 2o7.net cookie
01:34: Quarantining All Traces: a cookie
01:34: Quarantining All Traces: aa cookie
01:34: Quarantining All Traces: adtech cookie
01:34: Quarantining All Traces: ask cookie
01:34: Quarantining All Traces: clickbank cookie
01:34: Quarantining All Traces: realmedia cookie
01:34: Quarantining All Traces: sandboxer cookie
01:34: Quarantining All Traces: statcounter cookie
01:34: Quarantining All Traces: toplist cookie
01:34: Quarantining All Traces: webtrends cookie
01:34: Quarantining All Traces: yieldmanager cookie
01:34: Quarantining All Traces: spysheriff fakealert
01:35: Quarantining All Traces: adwaresheriff fakealert
01:35: adwaresheriff fakealert is in use. It will be removed on reboot.
01:35: Preparing to restart your computer. Please wait...
01:35: Removal process completed. Elapsed time 00:01:18
********
23:51: | Start of Session, 16 May 2006 |
23:51: Spy Sweeper started
23:52: BHO Shield: found: -- BHO installation denied at user request
23:52: Your spyware definitions have been updated.
23:53: | End of Session, 16 May 2006 |

<---end of spysweeper log file--->


<----start of new HijackThis log----->

Logfile of HijackThis v1.99.1
Scan saved at 01:39:56, on 17/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\dan\virus removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

<----end of HijackThis log file---->


So, what next????

#9 LDTate

Posted 16 May 2006 - 07:04 PM

Please do not delete anything unless instructed to.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
SpyNoMore


Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these files if listed:
C:\WINDOWS\system32\winapi32.dll
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\susp.exe




Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 17 May 2006 - 11:25 AM

Hey,

After doing the thing you said and rebooting, the computer seems to be working fine, although the Internet Explorer home page had changed to 'about:blank'. The computer seems to be running faster and I can now use Task Manager.

<---HijackThis log follows----->

Logfile of HijackThis v1.99.1
Scan saved at 18:21:19, on 17/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\dan\virus removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


<-------END----->



Anything else?

As I said before...

Is Spy Sweeper worth purchasing? And are there any other programs you can recommend so this doesn't happen again?
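Checking a follow-up log against the list of entries ticked for "Fix checked" can be done mechanically. The sketch below is an added example, not part of the original thread: it matches BHOs by CLSID and Run values by value name, so an entry that comes back under a different file path is still reported. Function names are this example's own, and the sample lines are excerpts from the two posts above.

```python
import re

# Entry shapes as they appear in the HijackThis v1.99.1 logs in this thread.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] ")

def entry_key(line):
    """Identity of one log entry, or None for headers and running-process paths."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.groups()
    clsid = CLSID_RE.search(body)
    if sec == "O2" and clsid:        # a BHO is identified by its CLSID
        return (sec, clsid.group(0).lower())
    run = RUN_RE.match(body)
    if sec == "O4" and run:          # a Run value by hive, key and value name
        return (sec,) + tuple(p.lower() for p in run.groups())
    return (sec, body.lower())       # anything else: the whole entry, case-folded

def parse_log(text):
    """Map entry identity -> original line for every entry in a log."""
    pairs = ((entry_key(l), l.strip()) for l in text.splitlines())
    return {k: v for k, v in pairs if k}

def still_present(fix_list, followup):
    """Lines from the fix list whose identity also appears in the follow-up log."""
    after = parse_log(followup)
    return [line for key, line in parse_log(fix_list).items() if key in after]

def paths_referenced(paths, followup):
    """Deleted-file paths still named anywhere in the follow-up log."""
    low = followup.lower()
    return [p for p in paths if p.lower() in low]

# Excerpts copied from the two posts in this thread (not the full logs).
FIX_LIST = r"""
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
"""
FOLLOWUP = r"""
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""
DELETED = ["C:\\WINDOWS\\system32\\" + n for n in ("winapi32.dll", "runsrv32.exe", "susp.exe")]
```

Both `still_present(FIX_LIST, FOLLOWUP)` and `paths_referenced(DELETED, FOLLOWUP)` return empty lists for these excerpts; a non-empty result means an entry survived the fix or was recreated after the reboot.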

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 May 2006 - 03:06 PM

Is Spy Sweeper worth purchasing? And are there any other programs you can recommend so this doesn't happen again?

I think it is, but that's up to you :thumbup:


Good job :thumbup:

Log looks good :D :thumbup: How is it running? Any issues?


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these programs I would recommend that you get them: SpywareBlaster, SpywareGuard. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein



#12 d3ell

d3ell

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 18 May 2006 - 01:56 AM

Thanks very much for all your great help and advice. You guys who do this are true legends. The computer is running like new now, thanks a lot... I will be making a donation to the forum to show my appreciation, as it would have cost me a lot to get it fixed by my local shop. Thanks again, d3ell

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 May 2006 - 03:13 PM

Great job :thumbup: You're more than welcome. Glad we were able to help. Peace be with you :wavey:



#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 May 2006 - 03:13 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
