
Good Samaritan Needed


3 replies to this topic

#1 JLOPEZDOC

    New Member

  • 8 posts

Posted 14 May 2007 - 08:52 PM

I'm in need of a good samaritan to help me clean my pc of unnecessary junk, come on guys, it never took this long for somebody to throw me a life saver, "I have fallen and I can get up", please anybody out there, thanks in advance.
Here is a copy of my hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 10:45:16 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JOHANNES\LOCALS~1\Temp\Temporary Directory 7 for Hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {0FD7DAF0-BBEF-4990-B19E-2805D280571F} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CursorZone - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Grip Toolbar - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Disney Digital Camera Driver] "C:\Program Files\InstallShield Installation Information\{2823CC10-A932-415D-ADC9-049661ABCCC9}\ICON.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Startup: Expedia Fare Alert.lnk = C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ45\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2960ba7b4d9bf5aabf03/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133317507343
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - http://10.105.6.43/ami/install/amiviewer.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.mch.com/dana-cached/setup/JuniperSetup.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 waterfalls

    Silver Member

  • Validating
  • 416 posts

Posted 14 May 2007 - 10:18 PM

Hi - It is impossible to read your log. When you post it again, click "Format" in Notepad and then check "Word Wrap" in Notepad. Copy and paste your log in your next reply.
Take only memories, leave nothing but footprints.


#3 JLOPEZDOC

    New Member

  • 8 posts

Posted 19 May 2007 - 10:53 PM

Here is my new hijackthis with word wrap checked, thanks.


Logfile of HijackThis v1.99.1
Scan saved at 12:21:11 AM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {0FD7DAF0-BBEF-4990-B19E-2805D280571F} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CursorZone - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Grip Toolbar - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Disney Digital Camera Driver] "C:\Program Files\InstallShield Installation Information\{2823CC10-A932-415D-ADC9-049661ABCCC9}\ICON.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Expedia Fare Alert.lnk = C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ45\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133317507343
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - http://10.105.6.43/a...l/amiviewer.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.19/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.mch.c...uniperSetup.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 waterfalls

    Silver Member

  • Validating
  • 416 posts

Posted 23 May 2007 - 09:27 PM

Hi -

You will need to print these instructions because you will be working in Safe Mode without an Internet connection.

• Download RapidBlaster Killer from here:
http://www.spywarein...er/rbkiller.exe
- save it to your Desktop. Double-click it to run the tool.

• Please set your system to show all files.
- Go to Start > open My Computer
- Select the Tools menu and click Folder Options.
- Select the View tab and, under Hidden files and folders, select Show hidden files and folders
- Uncheck Hide file extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
- Click Apply, then OK

• Go to Start > Control Panel > Add/Remove Programs
- Scroll down and see if Grip and/or Grip Toolbar and/or GRIPCZ45 are listed
- If one or all are listed, click Remove for each one
- Exit.

• Reboot into SAFE MODE
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

• Start HijackThis, click System Scan Only and place a checkmark next to the following items:
O2 - BHO: NavErrRedir Class - {0FD7DAF0-BBEF-4990-B19E-2805D280571F} - (no file)
O2 - BHO: CursorZone - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O3 - Toolbar: Grip Toolbar - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O4 - HKLM\..\Run: [Disney Digital Camera Driver] "C:\Program Files\InstallShield Installation Information\{2823CC10-A932-415D-ADC9-049661ABCCC9}\ICON.exe"
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ45\Cache\SelectedContextSearch.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Close ALL browsers and open windows/programs and check 'Fix Checked'.

• Navigate to and delete the following folders if present:
C:\Program Files\Grip
C:\Program Files\Grip Toolbar
C:\Program Files\GRIPCZ45
C:\Program Files\InstallShield Installation Information\{2823CC10-A932-415D-ADC9-049661ABCCC9}

• Reboot into Normal Mode

• Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log in your next reply.
• Post back with the Superantispyware log and a new HijackThis log.
Take only memories, leave nothing but footprints.
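
Three of the items in the fix list above are entries the log itself marks "(no file)" or "(file missing)", and two of them share one CLSID across the O2 and O3 sections. As an added example (not part of the original thread and not HijackThis's own code), this Python script pulls those entries out of a log and shows why a paste made without Word Wrap hides them from line-by-line reading. The function names are hypothetical, and the wrapped sample is constructed from the NavErrRedir entry.

```python
import re
from collections import defaultdict

# Entries copied from the word-wrapped HijackThis log in post #3 of this thread.
CLEAN_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {0FD7DAF0-BBEF-4990-B19E-2805D280571F} - (no file)
O2 - BHO: CursorZone - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O3 - Toolbar: Grip Toolbar - {4E7BD74F-2B8D-469E-A78A-E56FA49CA83A} - C:\PROGRA~1\Grip\Toolbar\CURSOR~1\gripcz45.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Constructed sample: the NavErrRedir entry split the way a paste
# without Word Wrap splits long lines.
WRAPPED_LOG = """
O2 - BHO: NavErrRedir Class -
{0FD7DAF0-BBEF-4990-B19E-28
05D280571F} - (no file)
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers the log uses when a registered component has no file on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEADER_PREFIXES = ("Logfile of", "Scan saved", "Platform:", "MSIE:",
                   "Running processes:")


def parse_entries(text):
    """Return one dict per 'Xn - ...' line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned(entries):
    """Entries whose registration points at a file that is not there."""
    return [e for e in entries if e["orphan"]]


def clsids_in_multiple_sections(entries):
    """Map CLSID -> sections, for CLSIDs registered in more than one section."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


def fragment_ratio(text):
    """Share of non-blank lines that are neither a header, a process path
    nor the start of an entry. A high value means the log was hard-wrapped."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return 0.0
    fragments = [l for l in lines
                 if not (ENTRY_RE.match(l) or PATH_RE.match(l)
                         or l.startswith(HEADER_PREFIXES))]
    return len(fragments) / len(lines)


if __name__ == "__main__":
    entries = parse_entries(CLEAN_LOG)
    for e in orphaned(entries):
        print("orphaned:", e["section"], e["body"])
    print("shared CLSIDs:", clsids_in_multiple_sections(entries))
    print("fragment ratio (clean):  ", fragment_ratio(CLEAN_LOG))
    print("fragment ratio (wrapped):", round(fragment_ratio(WRAPPED_LOG), 2))
    print("orphans seen in wrapped paste:", len(orphaned(parse_entries(WRAPPED_LOG))))
```

An orphaned marker only says the registered file is absent; whether the entry should be removed is still the helper's judgment, as the O9 entries marked "(file missing)" that are not in the fix list show.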
