Computer Problems Hijack This Log


11 replies to this topic

#1 JOLYNE

Posted 12 June 2007 - 07:12 AM

I'm having quite a few issues with my computer: it's very slow, takes forever to boot up and crashes all the time, and now I'm getting these pop-ups from CiD on a regular basis and it's driving me nuts. If anyone could help it would be greatly appreciated!

I had an old posting on this site that dan12 was helping me with, but it was closed due to inactivity. I tried a few times to have it reopened but it was not. Here is the link in case that helps.

http://forums.tomcoy...tml#entry374668

Thanks for any help you can give me.



Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:00:24 AM, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Smtray.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\Owner\Desktop\napster\ITUNES\iTunesHelper.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://WWW.Yahoo.com/"); (C:\Program Files\Netscape\Users\suestlouis\prefs.js)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Jolyne\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Jolyne\COMPUT~1\SPYBOT\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Jolyne\ROBOFORM\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Jolyne\ROBOFORM\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PCBG] C:\Jolyne\PCSCAN~1\INTRIG~1\pcbodyguard.exe /start
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\startupmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ante readme bold hole] C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme\global 2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\Desktop\napster\ITUNES\iTunesHelper.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [FastInternet] "C:\Jolyne\TOOLS\FAST INTERNET\Fast Internet\FastInternet.exe /Q"
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKCU\..\Run: [PlayLog] C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe
O4 - Startup: Webshots.lnk = C:\WEBSHOTS\Webshots\Launcher.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZCxdm312
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Jolyne\ROBOFORM\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with GetRight - C:\Jolyne\GetRight\GRdownload.htm
O8 - Extra context menu item: Fill Forms - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Jolyne\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\SYMPAT~1\COMMUN~1\Program\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-...sapplet-epf.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


#2 Noviciate

Posted 12 June 2007 - 02:58 PM

I'll notify dan12 that you've posted here.
Death to the salad eaters!

#3 dan12

Posted 12 June 2007 - 04:44 PM

Hi, I will be looking over your log at some point today. Have to work at the moment. dan

#4 JOLYNE

Posted 12 June 2007 - 05:45 PM

Hi dan, thanks again for the help.
You had also asked for some other logs and I will post them here.

uninstall list:

18 WoS Across America
5 Spots
5 Spots II
AAA Logo 1.21
Acting Silly
Active Environment
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Age of Mythology
Air Strike 2
Alien Outbreak 2 Invasion
Alien Stars
AnswerWorks Runtime
Ant War
Apple Software Update
AquaPark
ArcSoft Scrapbook Creator
ArtRage 2.2 Free
Artweaver
Astro Fury
Aveyond
Azureus
Barnyard Invasion
Bejeweled 1.23
BitZipper 5.0
Blubster 2.5
Bullet Candy
Cabela's 4x4 Off-road Adventure 1.2
Cabela's Big Game Hunter Platinum
Cabela's Grand Slam
Cabela's Ultimate Deer Hunt
Candy Can
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cathys Caribbean Club
CCleaner (remove only)
Chicken Chase
Cinema Tycoon Gold
CloneCD
Cockroaches
Collapse II
Concentration
Corel Applications
Cute Knight
Da Vincis Secret
Danger Zone!
DelFin Media Viewer
Delicious Deluxe (remove only)
Democracy
Digital PhotoShot 4.10
Diner Dash
Diner Dash 2
Disney's Magic Artist Studio
DNA
Docking Station
Dora's Carnival Adventure (remove only)
Dracula Twins
EA AutoPatch
Easy CD Creator 5 Basic
Eets
Enhanced MediaLoads
Fairy Godmother Tycoon
Fairy Treasure
Fast Internet 1.2
Feeding Frenzy
Feeding Frenzy 2
Filler
Fish Tales ver 1.0
Fish Tycoon
Flip Wit!
Flip Words 2
Flower Shop Big City Break
GameSpy Arcade
GameTap
Garden Dreams
GetRight
Google Earth
Great Escapes Solitaire
Grimm`s Hatchery (remove only)
Grimm's Hatchery
Guardian
Happy Hour
Hidden Expedition Titanic
Hide And Secret
Hijackthis 1.99.1
HijackThis 1.99.1
Hoyle Casino 5
hp deskjet 3420 series (Remove only)
hp instant support
Ice Cream Tycoon
ICQ 5
Inca Ball
Insaniquarium Deluxe 1.0
iTunes
J2SE Runtime Environment 5.0 Update 3
Jackpot Matchup
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Java™ SE Runtime Environment 6 Update 1
Jungle Games
Kazaa Media Desktop 2.0.2
Kodak EasyShare software
Kodak Picture Planet
LEGO Chic Boutique
Little Shop Of Treasures
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Lotus Deluxe
Lucy Q Deluxe
Lyra Jukebox Applications
Mad Magic
Magic Academy
Magic Stones
Magic Vines
Mariposa
Match-Up!
Messenger-Control plug-in for Ad-Aware SE
MGI VideoWave 4
MicroMan - Adventure 1
Microsoft Carioca Rummy
Microsoft Money 2000 Standard
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Express 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Midnight Outlaw Illegal Street Drag Nitro Edition
MP3 Player Utilities 1.48
MSN Messenger 7.5
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML4 Parser
Musicmatch® Jukebox
Mystery Case Files Huntsville
Mystery Case Files Prime Suspects
Mystery Of Shark Island
Mysteryville
Nancy Drew: Stay Tuned For Danger
Nancy Drew: The Final Scene
Nanny Mania
Nertz Solitaire
Netscape (7.2)
Network Play System (Patching)
Oasis
Panda ActiveScan
Panicware Pop-Up Stopper Pro
PC PowerScan
Peggle Deluxe
Photobucket Uploader
Picasa 2
Plantasia
Platypus
Platypus II
Poker Superstars Invitational
Populous: The Beginning
Populous: Undiscovered Worlds - Patch
project dogwaffle
QuickTime
Rage Of Magic 2
RealArcade
RealPlayer Basic
Recyclorama
Rhombis
Riddle of the Sphinx™
Sandlot Games Client Services
Secret Chamber
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sewer Run
ShapeShifter
Shareaza version 2.2.1.0
Sharp Dressed Man
Sheeplings
Shockwave
Solitaire Pop
SoundMAX2
Sparkle
SPIELESERVER
Spin & Play
SpyBlocs v2.0
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stand O Food
Star Defender 3
Stronghold 2
Super Collapse 3
SureThing CD Labeler - Stomper Edition 32 bit
Survival
Survivor ™
Survivor™ Ultimate
Sushi Frenzy
Sweetopia
Sympatico 4.7
Tank O Box
The Apprentice Los Angeles
Thinkin' Things Collection 2 (Remove only)
Tiks Texas Hold Em
Tropix
Tumble Bugs
Turtle Odyssey 2
Uninstall CEDP Stealer 4.0 for MSN Messenger
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoEgg Publisher
Viewpoint Media Player (Remove Only)
Virtual Villagers
Virtual Villagers 2
War On Folvos
Webshots Desktop
Westward
Win32 BI Application
Winamp3 (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
World Class Solitaire
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar
Yahtzee
Zak And Jack
Zen Puzzle Garden
Zuma Deluxe

No lop:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Owner\Desktop
[03/06/2007]
[10:04:03 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A3C07FB59383F3D9.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Ea
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Hipsoft
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Legacy Interactive
C:\Documents and Settings\All Users\Application Data\Mgi
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn Search Toolbar
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Oberon Media
C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme
C:\Documents and Settings\All Users\Application Data\Playfirst
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roboform
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Shockwave.com -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Videoegg
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users\Application Data\Zylom
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Goodsol
C:\Documents and Settings\Guest\Application Data\Hotbar
C:\Documents and Settings\Guest\Application Data\Icq -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Adobe
C:\Documents and Settings\Owner\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Ambient Design
C:\Documents and Settings\Owner\Application Data\Apple Computer
C:\Documents and Settings\Owner\Application Data\Arcsoft
C:\Documents and Settings\Owner\Application Data\Artweaver
C:\Documents and Settings\Owner\Application Data\Azureus
C:\Documents and Settings\Owner\Application Data\Bitzipper
C:\Documents and Settings\Owner\Application Data\Canon
C:\Documents and Settings\Owner\Application Data\Chicken Chase
C:\Documents and Settings\Owner\Application Data\Dmcache -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Ea
C:\Documents and Settings\Owner\Application Data\Funkitron
C:\Documents and Settings\Owner\Application Data\Funwebproducts
C:\Documents and Settings\Owner\Application Data\Gaijin Ent
C:\Documents and Settings\Owner\Application Data\Goodsol
C:\Documents and Settings\Owner\Application Data\Google
C:\Documents and Settings\Owner\Application Data\Gtek
C:\Documents and Settings\Owner\Application Data\Help
C:\Documents and Settings\Owner\Application Data\Holdsizeford
C:\Documents and Settings\Owner\Application Data\Hulabee
C:\Documents and Settings\Owner\Application Data\Icq -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Icqlite
C:\Documents and Settings\Owner\Application Data\Identities
C:\Documents and Settings\Owner\Application Data\Kontiki
C:\Documents and Settings\Owner\Application Data\Lavasoft
C:\Documents and Settings\Owner\Application Data\Leadertech
C:\Documents and Settings\Owner\Application Data\Macromedia
C:\Documents and Settings\Owner\Application Data\Magic Academy
C:\Documents and Settings\Owner\Application Data\Magic Stones
C:\Documents and Settings\Owner\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Mind Control Software
C:\Documents and Settings\Owner\Application Data\Mozilla
C:\Documents and Settings\Owner\Application Data\Msn6
C:\Documents and Settings\Owner\Application Data\Musicmatch
C:\Documents and Settings\Owner\Application Data\Mysterystudio
C:\Documents and Settings\Owner\Application Data\Netpumper
C:\Documents and Settings\Owner\Application Data\Ohana Games
C:\Documents and Settings\Owner\Application Data\Playfirst
C:\Documents and Settings\Owner\Application Data\Registry Cleaner
C:\Documents and Settings\Owner\Application Data\Roxio
C:\Documents and Settings\Owner\Application Data\Shareaza
C:\Documents and Settings\Owner\Application Data\Shockwave.com -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Sun
C:\Documents and Settings\Owner\Application Data\Symantec
C:\Documents and Settings\Owner\Application Data\S?curity
C:\Documents and Settings\Owner\Application Data\Videoegg
C:\Documents and Settings\Owner\Application Data\Webshots
C:\Documents and Settings\Owner\Application Data\Wildfire
C:\Documents and Settings\Owner\Application Data\Yahoo!
C:\Documents and Settings\Owner\Application Data\Yahoo! Messenger
C:\Documents and Settings\Owner\Application Data\Zak&jack
C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\??crosoft.net
C:\Documents and Settings\Owner\Application Data\?ecurity
C:\Documents and Settings\Owner\Application Data\?ystem
C:\Documents and Settings\Owner\Application Data\?ssembly

awf:


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


sdfix:

SDFix: Version 1.85

Run by Owner - 02/06/2007 - 22:07:35.29

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
.NET Connection Service

ImagePath:
C:\WINDOWS\svchost.exe

.NET Connection Service - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\Owner\LOCALS~1\Temp\temp.exe - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Jolyne\\pc scans\\Intrigue Learning\\pcbodyguard.exe"="C:\\Jolyne\\pc scans\\Intrigue Learning\\pcbodyguard.exe:*:Enabled:pcbodyguard"
"C:\\Jolyne\\Shareaza\\Shareaza.exe"="C:\\Jolyne\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\ICQ\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQ\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Disabled:MP2P servent main executable"
"C:\\Jolyne\\pc scans\\Intrigue Learning\\liveupdate.exe"="C:\\Jolyne\\pc scans\\Intrigue Learning\\liveupdate.exe:*:Disabled:LiveUpdate Utilty"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Jolyne\\STRONGHOLD\\Stronghold2.exe"="C:\\Jolyne\\STRONGHOLD\\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\\Jolyne\\AZUREUS\\Azureus.exe"="C:\\Jolyne\\AZUREUS\\Azureus.exe:*:Enabled:Azureus"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\Desktop\\napster\\ITUNES\\iTunes.exe"="C:\\Documents and Settings\\Owner\\Desktop\\napster\\ITUNES\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Web Page stuff\TEMPLATES\jd_b030 - myfreetemplates.com\images\Thumbs.db
C:\Jolyne\Picasa2\setup.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\map.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\nsb3A5.tmp\Thumbs.db
C:\Documents and Settings\Owner\Local Settings\Temp\nsg7.tmp\Thumbs.db

Finished

#5 dan12

Posted 13 June 2007 - 03:57 AM

Hi JOLYNE

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a logfile located at C:\ComboFix.txt.
4. Post the contents of that log in your next reply with a new hijackthis log.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include a new HJT log plus the combofix report in your next post.
Thanks, dan

#6 JOLYNE

Posted 13 June 2007 - 09:22 AM

ComboFix 07-06-13.7 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-13 10:56:58 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1.\crosof~1.net
C:\DOCUME~1\Owner\APPLIC~1.\ecurit~1
C:\DOCUME~1\Owner\APPLIC~1.\scurit~1
C:\DOCUME~1\Owner\APPLIC~1.\ssembl~1
C:\DOCUME~1\Owner\APPLIC~1.\ystem~1
C:\DOCUME~1\Owner\Desktop.\internet explorer.lnk
C:\DOCUME~1\Owner\MYDOCU~1.\appatc~1
C:\DOCUME~1\Owner\MYDOCU~1.\dobe~1
C:\DOCUME~1\Owner\MYDOCU~1.\dobe~2
C:\DOCUME~1\Owner\MYDOCU~1.\icroso~1
C:\DOCUME~1\Owner\MYDOCU~1.\wnsxs~1
C:\DOCUME~1\Owner\MYDOCU~1.\ymbols~1
C:\Program Files\asks~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\crosof~1
C:\Program Files\delfin
C:\Program Files\install.log
C:\Program Files\smbols~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\wtssvcc.exe
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1


((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


2007-06-13 10:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 08:26 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-04 17:56 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-06-03 17:44 <DIR> d-------- C:\Program Files\EA Games
2007-06-03 10:16 <DIR> d-------- C:\NoLopBackups
2007-05-31 23:14 <DIR> d-------- C:\Program Files\project dogwaffle
2007-05-31 23:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Artweaver
2007-05-31 23:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ambient Design
2007-05-31 09:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\EA
2007-05-31 09:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
2007-05-26 08:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-05-14 16:29 <DIR> d-------- C:\Program Files\Zak And Jack
2007-05-14 16:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Zak&Jack
2007-05-14 16:19 <DIR> d-------- C:\Program Files\Bullet Candy


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 18:25:05 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MysteryStudio
2007-06-09 13:03:07 -------- d-----w C:\Program Files\GameHouse
2007-06-06 18:09:57 216 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-03 22:06:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 21:53:44 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-03 21:53:39 1,391 ----a-w C:\WINDOWS\eReg.dat
2007-05-18 13:55:33 -------- d-----w C:\Program Files\LimeWire
2007-05-18 13:54:27 -------- d-----w C:\Program Files\FSCBoss
2007-05-14 22:35:21 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-05-05 21:07:00 21,207 ----a-w C:\WINDOWS\nsreg.dat
2007-05-05 20:31:41 -------- d-----w C:\Program Files\18 WoS Across America
2007-05-05 20:30:10 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-05 20:05:59 -------- d-----w C:\Program Files\GameSpy Arcade
2007-04-25 19:13:14 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ohana Games
2007-04-22 18:34:35 -------- d-----w C:\Program Files\Activision Value
2007-04-18 20:18:26 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitZipper
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 15:57:50 -------- d-----w C:\Program Files\BFG
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]
{0CF0B8EE-6596-11D5-A98E-0003470BB48E}=C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll [2002-02-10 09:52]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Jolyne\GetRight\xx2gr.dll [2005-02-14 13:08]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Jolyne\COMPUT~1\SPYBOT\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 11:38]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}=C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 09:55]
{724d43a9-0d85-11d4-9908-00400523e39a}=C:\Jolyne\ROBOFORM\roboform.dll [2005-08-05 20:21]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll [2005-06-15 20:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="Smtray.exe" [2001-09-20 15:47 C:\WINDOWS\system32\SMTray.exe]
"SpyBlocs"="C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe" []
"PCBG"="C:\Jolyne\PCSCAN~1\INTRIG~1\pcbodyguard.exe" [2006-09-26 09:34]
"SystemDoctor 2006 Free"="C:\Program Files\SystemDoctor 2006 Free\sd2006.exe" []
"cmonitor"="C:\Program Files\SystemDoctor 2006 Free\startupmon.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Ante readme bold hole"="C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme\global 2.exe" [2007-04-11 17:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Documents and Settings\Owner\Desktop\napster\ITUNES\iTunesHelper.exe" [2006-10-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [2005-08-01 04:01]
"FastInternet"="C:\Jolyne\TOOLS\FAST INTERNET\Fast Internet\FastInternet.exe" [2005-09-10 13:34]
"SystemDoctor 2006 Free"="C:\Program Files\SystemDoctor 2006 Free\sd2006.exe" []
"FSCBoss"="C:\Program Files\FSCBoss\FSCBoss.exe" []
"PlayLog"="C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe" [2007-04-11 17:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autofred.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{903714b7-05df-11d7-a8d5-806d6172696f}]
AutoRun\command- D:\autofred.exe


Contents of the 'Scheduled Tasks' folder
2007-06-09 17:16:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-13 15:05:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 11:05:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-13 11:08:10
C:\ComboFix-quarantined-files.txt ... 2007-06-13 11:07

--- E O F ---



HJT:


Logfile of HijackThis v1.99.1
Scan saved at 11:17:41 AM, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Smtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Jolyne\PCSCAN~1\INTRIG~1\pcbodyguard.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\Owner\Desktop\napster\ITUNES\iTunesHelper.exe
C:\WEBSHOTS\Webshots\webshots.scr
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://WWW.Yahoo.com/"); (C:\Program Files\Netscape\Users\suestlouis\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Jolyne\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Jolyne\COMPUT~1\SPYBOT\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Jolyne\ROBOFORM\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Jolyne\ROBOFORM\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe
O4 - HKLM\..\Run: [PCBG] C:\Jolyne\PCSCAN~1\INTRIG~1\pcbodyguard.exe /start
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\startupmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ante readme bold hole] C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme\global 2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\Desktop\napster\ITUNES\iTunesHelper.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [FastInternet] "C:\Jolyne\TOOLS\FAST INTERNET\Fast Internet\FastInternet.exe /Q"
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKCU\..\Run: [PlayLog] C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe
O4 - Startup: Webshots.lnk = C:\WEBSHOTS\Webshots\Launcher.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZCxdm312
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Jolyne\ROBOFORM\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with GetRight - C:\Jolyne\GetRight\GRdownload.htm
O8 - Extra context menu item: Fill Forms - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Jolyne\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Jolyne\ROBOFORM\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Jolyne\ROBOFORM\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Jolyne\ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\SYMPAT~1\COMMUN~1\Program\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-...sapplet-epf.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#7 dan12

Posted 13 June 2007 - 10:06 AM

Hi JOLYNE

These programs (Kazaa, Shareaza, Azureus) are very likely the reason your system is infested with malware. Even when programs like these are not infected themselves, they will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I strongly recommend that you remove these programs from your system.



It's important that you stick with it. As I said before, this is a heavily infected machine and we need to get on top of the infections.

Delete bad programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). It could be that they have a space or something in between, but it has to look like it:

  • SystemDoctor 2006 Free
    SpyBlocs v2.0
    PartyPoker
    Viewpoint Media Player
    Kazaa << your choice
    Shareaza << your choice
    Azureus << your choice
    MyWebSearch
    CiD Help
    CiD Manager
    Messenger plus or messenger plus and client
    Download Plugin for Internet Explorer
    Bitdownload
    Zone Media
    WinZix
    Search Plugin
    Bitgrabber
    BitRol
**Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
In case, during the uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window.

Then reboot. Important!
_________________



Ewido is now known as AVG Anti-Spyware.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Don't use yet!

I noticed you had ccleaner:
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Do not use yet!
__________________________


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [SpyBlocs] C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [Ante readme bold hole] C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme\global 2.exe
O4 - HKCU\..\Run: [PlayLog] C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZCxdm312
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O20 - AppInit_DLLs:

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

We need to reveal system folders
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press the Apply and then the OK button and shut down My Computer
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see appropriate files we need to Show Hidden Files
Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight
  • Select the first option to run Windows in Safe Mode, then hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE
Right-click Start. In the drop-down menu click "Explore", then navigate to each file/folder in the left-hand pane, which will reveal its content in the right-hand pane. Highlight the file or folder, right-click and Delete, if present:

C:\Jolyne\downloads\SPYBLOCK
C:\PROGRA~1\MYWEBS~1 << This folder's first six characters will be like this, but may be more than eight
C:\Program Files\SystemDoctor 2006 Free << This folder
C:\Documents and Settings\All Users\Application Data\Optionsiteantereadme << This folder
C:\Documents and Settings\Owner\Application Data\Holdsizeford << This folder
C:\Documents and Settings\Owner\Application Data\Netpumper << This folder
C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1 << This folder's first six letters will be the same but could be more than eight characters.
C:\Jolyne\POKER\PartyPoker.exe << This file. Can you look in the poker folder to see if you have Party Poker? If so, delete it.

Run ccleaner
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.

Run AVG Anti-Spyware

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please include new HJT log, AVG Anti-Spyware log
in your next post
Thanks dan

Edited by dan12, 13 June 2007 - 10:09 AM.
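
The "if they are still present" check from post #7, as an added example that is not part of the original thread: it parses HijackThis result lines, reports which fix-list entries actually appear in a log, and lists Run entries that start the same executable as a fix-list entry without being on the list. The sample log and fix list are excerpts copied from posts #6 and #7; the function names are hypothetical.

```python
import re

# Constructed sample: result lines copied from the 13 June HijackThis log (post #6).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpyBlocs] C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [PlayLog] C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O20 - AppInit_DLLs:
"""

# Excerpt of the entries listed for "Fix Checked" in post #7.
FIX_LIST = r"""
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [SpyBlocs] C:\Jolyne\downloads\SPYBLOCK\SpyBlocs.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [PlayLog] C:\DOCUME~1\Owner\APPLIC~1\HOLDSI~1\ForkAtom.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Jolyne\POKER\PartyPoker.exe (file missing)
O20 - AppInit_DLLs:
"""

# A result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: "<hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(.+?): \[([^\]]+)\] (.+)$")
# Executable at the start of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def parse_entries(text):
    """Return (code, details) for every result line; header lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out


def key(code, details):
    """Comparison key: Windows paths and GUIDs are case-insensitive."""
    return code, re.sub(r"\s+", " ", details).lower()


def run_target(code, details):
    """Executable path launched by an O4 registry Run entry, else None."""
    if code != "O4":
        return None
    m = O4_RE.match(details)
    exe = EXE_RE.match(m.group(3)) if m else None
    return exe.group(1).lower() if exe else None


def match_fix_list(log_text, fix_text):
    """Split the fix list into entries present in the log and entries absent."""
    in_log = {key(c, d) for c, d in parse_entries(log_text)}
    found, absent = [], []
    for c, d in parse_entries(fix_text):
        (found if key(c, d) in in_log else absent).append(f"{c} - {d}")
    return found, absent


def unlisted_siblings(log_text, fix_text):
    """Log Run entries that start a fix-listed executable but are not listed."""
    fixes = parse_entries(fix_text)
    listed = {key(c, d) for c, d in fixes}
    targets = {run_target(c, d) for c, d in fixes} - {None}
    return [f"{c} - {d}" for c, d in parse_entries(log_text)
            if run_target(c, d) in targets and key(c, d) not in listed]


if __name__ == "__main__":
    found, absent = match_fix_list(SAMPLE_LOG, FIX_LIST)
    print("Present in log:", *found, sep="\n  ")
    print("Not in log (nothing to check):", *absent, sep="\n  ")
    print("Same executable, not on the list:",
          *unlisted_siblings(SAMPLE_LOG, FIX_LIST), sep="\n  ")
```
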


#8 JOLYNE

Posted 13 June 2007 - 12:53 PM

Hi dan, out of the list you gave me to delete I only found some of them.

SystemDoctor 2006 Free / not found
SpyBlocs v2.0 / does not exist or is not a valid uninstallation log file?
PartyPoker / not found
Viewpoint Media Player / deleted
Kazaa << your choice / error loading c:/windows/system32/cd.clint.dll the specified module could not be found
Shareaza << your choice / deleted
Azureus << your choice / deleted
MyWebSearch / not found
CiD Help / deleted
CiD Manager / not found
Messenger plus or messenger plus and client / not found
Download Plugin for Internet Explorer / not found
Bitdownload / not found
Zone Media / not found
WinZix / not found
Search Plugin / not found
Bitgrabber / not found
BitRol / not found

I will now do the next steps

#9 JOLYNE

Posted 13 June 2007 - 01:47 PM

Hi dan. In HJT, when I did the system scan only, I erased all the things you told me to, and at the end I got an error that said: An unexpected error has occurred at procedure: modBackup_MakeBackup(sltem=020-Applnit_DLLs: Error #5- Invalid procedure call or argument. So I'm not sure if that meant it still worked or not? Moving on to the next step. Thanks again.

#10 dan12

Posted 14 June 2007 - 12:39 AM

Thanks for the information, please continue. dan

#11 JOLYNE

Posted 22 June 2007 - 06:32 AM

Hi dan, was on vacation for a week. Will be finishing steps as soon as I can today or tomorrow.

#12 JOLYNE

Posted 29 June 2007 - 11:22 PM

I posted my info but for some reason it's not showing up here? I will try to repost again after the weekend.
