Critical sys error http://www.virusburst.com/?aff=334



#1 rmhPCproblems

rmhPCproblems

    New Member

  • Authentic Member
  • 5 posts

Posted 08 October 2006 - 04:22 PM

I do not know how to get rid of the Critical sys error which ends up going to:
http://www.virusburst.com/?aff=334

Also I do not know how to get rid of SoftCodec\isaddon.dll missing file

Logfile of HijackThis v1.99.1
Scan saved at 6:04:26 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mht: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132925771968
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://monitor.cpcc.edu/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

#2 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 October 2006 - 09:21 PM

Only for Windows XP and Windows 2000

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

______________________________
Next:

Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:

c:\rapport.txt

Open that file with Notepad, and "copy/paste" the ENTIRE CONTENTS of it into this thread.

After posting that, go ahead and run "the clean" as listed below:

Running the Clean

Warning: running option #2 on a non infected computer will remove your Desktop background.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it as a text file on your Desktop (make sure to remember where you saved that file, this is important).
Close Ewido and Reboot in Normal Mode.

______________________________

Please post:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 rmhPCproblems

Posted 10 October 2006 - 03:56 AM

I may have run them both twice by mistake the first time with SmitFraud it hung up and I ran it again. I have attached one from the day before also:

SmitFraudFix v2.106
Scan done at 17:58:09.56, Mon 10/09/2006
Run from F:\Mike\My Documents\Fix384\WholeClean\2ndmethod\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the second one:

SmitFraudFix v2.106
Scan done at 18:48:51.34, Sun 10/08/2006
Run from F:\Mike\My Documents\Fix384\WholeClean\2ndmethod\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\gqagksr.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\ZipCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"
[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
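
Added example, not part of any post in this thread and not code from HijackThis or SmitfraudFix: a Python cross-check of the HijackThis entries from post #1 against the `FOUND !` paths and SharedTaskScheduler keys in the rapport.txt above, using lines copied from those two logs. The function names, and the choice to treat O2/O21 entries whose file is absent as orphaned, are assumptions of this example.

```python
import re

# Lines copied from the logs posted in this thread (one entry per line).
HJT_LOG = r"""
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
"""

RAPPORT = r"""
C:\WINDOWS\system32\gqagksr.dll FOUND !
C:\Program Files\ZipCodec\ FOUND !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"
[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
"""

CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# Assumption of this example: sections whose entries name a DLL to load.
AUTOLOAD_CODES = {"O2", "O21"}


def norm_path(p):
    """Lower-case a Windows path and drop quotes/trailing backslash for comparison."""
    return p.strip().strip('"').rstrip("\\").lower()


def parse_hjt(text):
    """Return one dict per HijackThis line: section code, CLSID, target path, missing flag."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        last = rest.split(" - ")[-1]          # final " - " field holds the target
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).lower() if clsid else None,
            "path": norm_path(MISSING_RE.sub("", last)),
            "missing": bool(MISSING_RE.search(last)),
        })
    return entries


def parse_rapport(text):
    """Collect FOUND paths, SharedTaskScheduler CLSIDs and CLSID -> InProcServer32 path."""
    found, sts, inproc = set(), set(), {}
    section = ""
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("FOUND !"):
            found.add(norm_path(line[:-len("FOUND !")]))
        elif line.startswith("["):
            section = line                    # remember the current registry key
        elif "SharedTaskScheduler" in section and CLSID_RE.search(line):
            # The CLSID may be the value name or the value data, so search the whole line.
            sts.add(CLSID_RE.search(line).group(0).lower())
        elif section.endswith("\\InProcServer32]") and line.startswith("@="):
            inproc[CLSID_RE.search(section).group(0).lower()] = norm_path(line[2:])
    return found, sts, inproc


def triage(entries, found, sts, inproc):
    """Return (code, clsid, reasons) for every HijackThis entry the rapport corroborates."""
    flagged = []
    for e in entries:
        reasons = []
        if e["path"] and e["path"] in found:
            reasons.append("target file reported FOUND in rapport.txt")
        if e["clsid"] in sts:
            reasons.append("CLSID listed under SharedTaskScheduler in rapport.txt")
        if e["clsid"] and inproc.get(e["clsid"]) in found:
            reasons.append("InProcServer32 for this CLSID points at a FOUND file")
        if e["missing"] and e["code"] in AUTOLOAD_CODES:
            reasons.append("orphaned entry: registry reference remains, file is absent")
        if reasons:
            flagged.append((e["code"], e["clsid"], reasons))
    return flagged


if __name__ == "__main__":
    for code, clsid, reasons in triage(parse_hjt(HJT_LOG), *parse_rapport(RAPPORT)):
        print(code, clsid)
        for r in reasons:
            print("   -", r)
```
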

#4 rmhPCproblems

Posted 10 October 2006 - 03:58 AM

Here is the AVGAS prev Ewido, did it execute fully?:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:39:07 AM 10/10/2006
+ Scan result:

C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298844.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning.
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298847.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298844.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298845.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298846.dll -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning.
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298674.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298782.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298795.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298812.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298866.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298921.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298949.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0300960.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0301000.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298842.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP699\A0298843.exe -> Dropper.Small : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\0spvxawj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\0spvxawj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.130:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.131:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.107:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\0spvxawj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.157:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.170:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.10:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.156:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.15:C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\0spvxawj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.143:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.144:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.19:C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\0spvxawj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.180:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.184:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.185:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.187:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.119:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.115:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.117:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.118:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.120:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.121:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.122:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.141:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.142:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4l6iqzg3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\l8pqoaz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

#5 Micah_6:8

Posted 10 October 2006 - 05:05 AM

A new HijackThis! log is required, please. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#6 rmhPCproblems

Posted 11 October 2006 - 06:47 PM

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:26 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mht: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Netscape Browser\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132925771968
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://monitor.cpcc.edu/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

#7 Micah_6:8

Posted 11 October 2006 - 06:50 PM

One minor fix left...

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a system scan only".
Then "check" the box to the left of these item(s):

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

Then click "Fix checked" and close Hijack This!.

How is it running?
:unsure:

Securing Your PC After An Attack
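Post #7 singles out the O2 entry marked `(no file)`, while the log in post #6 also carries `(file missing)` entries. The following is an added example, not part of the original posts and not HijackThis's own code, that sorts such flagged lines into three groups; the verdict names and the two heuristics (unexpanded `%variable%` in the path, target path present under "Running processes") are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the log in post #6.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\TightVNC\WinVNC.exe

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)

def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break                      # blank line ends the process list
        elif in_block:
            procs.add(line.lower())
    return procs

def triage(log):
    """Classify each entry flagged '(no file)' or '(file missing)'."""
    procs = running_processes(log)
    results = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not MISSING.search(m["body"]):
            continue
        path = PATH.search(m["body"])
        if "%" in m["body"]:
            verdict = "unexpanded-variable"  # path not resolved; check it by hand
        elif path and path.group(0).lower() in procs:
            verdict = "file-is-running"      # the target exists: it is executing
        else:
            verdict = "orphan"               # registry entry with no file behind it
        results.append((m["section"], verdict))
    return results

if __name__ == "__main__":
    for section, verdict in triage(SAMPLE_LOG):
        print(section, verdict)
```
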

#8 Micah_6:8

Posted 15 October 2006 - 09:48 AM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.
