Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] outerinfo removal

Started by jaspersmommy , Nov 29 2007 11:55 AM

  • This topic is locked This topic is locked
4 replies to this topic

#1 jaspersmommy

jaspersmommy

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 29 November 2007 - 11:55 AM

I've followed the recommended things and now am at the point to post my logs. Outerinfo pop ups come up so often I can't get anything done on the computer, internet or not. I ahve a hijackthis log and a combo fix log but when I got to the screen for the AVG log, it said "no report available". Here are the other two:

HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:43:01 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [UpdateMgr.exe] "C:\Program Files\EarthLink 5.0\updatemgr.exe" /NOCM
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ctiov] C:\WINDOWS\?ecurity\?srss.exe
O4 - HKCU\..\Run: [Ccbnix] "C:\Program Files\Common Files\?ystem32\n?pdb.exe"
O4 - HKCU\..\Run: [Sjvb] "C:\Documents and Settings\Owner\My Documents\??crosoft\w?nword.exe"
O4 - HKCU\..\Run: [Ueizzdlx] C:\WINDOWS\system32\?racle\??rvices.exe
O4 - HKCU\..\Run: [Orryb] "C:\Documents and Settings\Owner\My Documents\??crosoft\t?skmgr.exe"
O4 - HKCU\..\Run: [Nzayrhco] "C:\Documents and Settings\Owner\My Documents\F?nts\n?lookup.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Shcrfm] C:\WINDOWS\system32\s?mbols\j?vaw.exe
O4 - HKCU\..\Run: [Thg] "C:\Program Files\Common Files\s?stem\?vchost.exe"
O4 - HKCU\..\Run: [Zzp] C:\WINDOWS\??crosoft.NET\n?pdb.exe
O4 - HKCU\..\Run: [Zptabqso] "C:\Documents and Settings\Owner\My Documents\??mantec\l?gonui.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Zmtgkp] "C:\Documents and Settings\Owner\My Documents\??stem32\?poolsv.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZJ
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize...ageUploader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphoto...ploadClient.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

AND THE AVG LOG:

ComboFix 07-11-19.4C - Owner 2007-11-29 9:07:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.363 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JGBWF895\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\zbucks.dat
C:\Documents and Settings\Owner\Application Data\SSEMBL~1
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Owner\My Documents\CROSOF~1
C:\Documents and Settings\Owner\My Documents\DOBE~1
C:\Documents and Settings\Owner\My Documents\FNTS~1
C:\Documents and Settings\Owner\My Documents\ICROSO~1.NET
C:\Documents and Settings\Owner\My Documents\MANTEC~1
C:\Documents and Settings\Owner\My Documents\PPPATC~1
C:\Documents and Settings\Owner\My Documents\SCURIT~1
C:\Documents and Settings\Owner\My Documents\STEM32~1
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\appatc~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\rqwk\rqwka.exe
C:\Program Files\Common Files\rqwk\rqwka.lck
C:\Program Files\Common Files\rqwk\rqwkd\class-barrel
C:\Program Files\Common Files\rqwk\rqwkd\rqwkc.dll
C:\Program Files\Common Files\rqwk\rqwkd\vocabulary
C:\Program Files\Common Files\rqwk\rqwkh
C:\Program Files\Common Files\rqwk\rqwkl.exe
C:\Program Files\Common Files\rqwk\rqwkl.lck
C:\Program Files\Common Files\rqwk\rqwkm.exe
C:\Program Files\Common Files\rqwk\rqwkm.lck
C:\Program Files\Common Files\rqwk\rqwkp.exe
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\adhydraupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\Program Files\ttx.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe.lzma
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\appatc~1
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\ecurit~1
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\rqwk
C:\WINDOWS\rqwk\rqwk.dat
C:\WINDOWS\rqwk\wu.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\mavnlsui.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\rwamvq.dll
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\TWVsYW5pZSBHZXplbC1SYW5nZWw\asappsrv.dll
C:\WINDOWS\TWVsYW5pZSBHZXplbC1SYW5nZWw\command.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-28 15:50 35,840 -ra------ C:\WINDOWS\mrofinu11.exe
2007-11-24 11:01 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 11:01 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-24 10:59 <DIR> d-------- C:\Program Files\Zune
2007-11-24 10:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-20 13:36 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-15 21:38 40,832 --a------ C:\WINDOWS\system32\drivers\zumbus.sys
2007-11-05 15:56 <DIR> d-------- C:\Program Files\QdrModule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 15:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-25 06:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-11-16 03:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 03:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 03:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 03:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 03:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 03:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-10-18 19:09 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-16 14:47 --------- d-----w C:\Program Files\BearShare
2007-10-16 14:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\BearShare
2007-10-16 14:22 --------- d-----w C:\Program Files\Upromise
2007-10-07 20:28 --------- d-----w C:\Program Files\LimeWire
2007-05-16 18:46 3,997 ---ha-w C:\Documents and Settings\Owner\hpothb07.dat
2006-07-17 01:48 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2006-07-17 01:48 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
2004-10-01 21:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-05-28 22:28 32 --sha-w C:\WINDOWS\{BCFC2B5E-C5FE-45DD-A851-6E927B842EB4}.dat
2003-05-28 22:28 32 --sha-w C:\WINDOWS\system32\{6C8C9EAE-D544-4104-B9D5-6C9D9BA4B8A5}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWVsYW5pZSBHZXplbC1SYW5nZWw\nqpPsqcDtm1JtrD5vFYmsqcBtqT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Upromise"="C:\Program Files\Upromise\Upromise.exe" [2007-07-10 14:00]
"Upromise Update"="C:\Program Files\Upromise\UpromiseUa.exe" [2007-07-10 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 21:40]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 23:02]
"Ctiov"="C:\WINDOWS\?ecurity\?srss.exe" []
"Ccbnix"="C:\Program Files\Common Files\?ystem32\n?pdb.exe" []
"Sjvb"="C:\Documents and Settings\Owner\My Documents\??crosoft\w?nword.exe" []
"Ueizzdlx"="C:\WINDOWS\system32\?racle\??rvices.exe" []
"Orryb"="C:\Documents and Settings\Owner\My Documents\??crosoft\t?skmgr.exe" []
"Nzayrhco"="C:\Documents and Settings\Owner\My Documents\F?nts\n?lookup.exe" []
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51]
"Shcrfm"="C:\WINDOWS\system32\s?mbols\j?vaw.exe" []
"Thg"="C:\Program Files\Common Files\s?stem\?vchost.exe" []
"Zzp"="C:\WINDOWS\??crosoft.NET\n?pdb.exe" []
"Zptabqso"="C:\Documents and Settings\Owner\My Documents\??mantec\l?gonui.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 13:51]
"Zmtgkp"="C:\Documents and Settings\Owner\My Documents\??stem32\?poolsv.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateMgr.exe"="C:\Program Files\EarthLink 5.0\updatemgr.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 00:39]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 17:39]
"nwiz"="nwiz.exe" [2002-05-03 18:06 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 04:29]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 04:20]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" []
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 15:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 15:11]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 00:23]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" [2003-09-12 20:23]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" []
"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [2002-01-26 14:05]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-22 10:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-30 22:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-27 18:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 09:58]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 23:04]
"srng"="\Program Files\Srng\Srng.exe" [2007-11-10 18:11]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 23:02]

R2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe
S2 CoachCap;Concord EyeQ Duo 1300 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8b25ec-d6f3-11da-9b1f-00038a000015}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 16:21:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1043772048.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2003-05-11 15:21:37 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1043893029.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2007-11-28 20:06:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1044297244.job"
"2007-11-29 14:41:49 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2007-11-29 12:52:39 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 09:16:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 9:21:37 - machine was rebooted
.
--- E O F ---
Any info is greatly appreciated
Thanks
Melanie

    Advertisements

Register to Remove

#2 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 30 November 2007 - 10:53 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#3 jaspersmommy

jaspersmommy

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 30 November 2007 - 02:33 PM

Here's my list. Thanks so much for the help! Melanie 3D Groove Playback Engine Adobe Flash Player 9 ActiveX Adobe Photoshop 6.0 Adobe Photoshop Elements 2.0 Adobe Reader 7.0.8 Adobe® Photoshop® Album Starter Edition 3.0 Arcade Classic Lite ArcSoft Camera Suite Atomic Pop AVG Anti-Spyware 7.5 BearShare BearShare MediaBar BearShare MediaBar Bleeposaurus 2: Dragonfire (remove only) Canon Camera Window for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities File Viewer Utility 1.3 Canon Utilities PhotoStitch 3.1 Canon Utilities RemoteCapture 2.7 Canon Utilities ZoomBrowser EX Comcast High-Speed Internet Install Wizard Concord Digital Camera CorelDRAW 10 CorelDRAW 10 Dark Orbit Desktop Doctor Diego`s Dinosaur Adventure (remove only) DiMAGE Viewer Disney's Lilo and Stitch Pinball DivX 5.0.3 Pro Bundle DVD Solution FA Phonics Made Easy GemMaster 2 Google Earth Google Toolbar for Internet Explorer HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) hp center hp instant support hp learning adventure HP Memories Disc hp officejet 6100 series hp officejet 6100 series HP Photo and Imaging 1.1 - Photosmart Cameras HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp officejet 6100 series hp toolkit Inactive HP Printer Drivers (Remove only) Intel® 845G Chipset Graphics Driver Software J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 9 JumpStart 1st Grade v1.5 JumpStart Parent Resource Center v1.0 LEGO My Style Kindergarten Lernout & Hauspie TruVoice American English TTS Engine LimeWire PRO 4.14.10 LiveReg (Symantec Corporation) LiveUpdate 2.5 (Symantec Corporation) LRXS Macromedia Flash Player Macromedia Shockwave Player Marbles Deluxe 1.31 Marbles Deluxe 1.31a Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Excel 97 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 Disc 2 Microsoft Office 2000 SR-1 Small Business Microsoft User-Mode Driver Framework Feature Pack 1.0 Monsters, Inc. Wreck Room Arcade Multimedia Launcher Musicmatch® Jukebox My Sam's Club Digital Photo Center MyDVD MyPublisher BookMaker Nero OEM Network Magic Nikon View 6 NoAdware v5.0 Norton AntiVirus 2003 Norton WMI Update NVIDIA Windows 2000/XP Display Drivers P2P Networking PigPen Polar Bowler from Hewlett-Packard Desktops (remove only) PowerDVD PowerProducer PS2 Python 2.2 combined Win32 extensions Python 2.2.1 QuickTime Reader Drivers and Utilities Reader Rabbit's 2nd Grade RealPlayer RecordNow Rhapsody Player Engine S3Display S3Gamma2 SabreWing 2 Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB943460) Shape Shifter Shockwave ShowBiz Snowboard Extreme Sonic RecordNow DX Sonic Simple Backup Sonic Update Manager Speedway SpongeBob Collapse SpongeBob SquarePants Bubble Rush! (remove only) SpongeBob SquarePants Diner Dash (remove only) SpongeBob SquarePants Movie 3D Game (remove only) Spybot - Search & Destroy 1.3 TaxCut Deluxe 2005 The Weather Channel Desktop Ulead Photo Explorer 6.0 Uninstall PGEDemo Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Upromise remindU Upromise Toolbar (remove only) Viewpoint Media Player Weather Services WexTech AnswerWorks WildTangent GameChannel (remove only) Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0) Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WordPerfect Productivity Pack WordPerfect Productivity Pack Yahoo! Internet Mail Yahoo! Messenger Yahoo! Photos Easy Upload Tool Yahoo! Photos Print-at-Home Tool Yahoo! SiteBuilder Yahoo! Toolbar for Internet Explorer Zune Zune Language Pack (ES) Zune Language Pack (FR)

#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 30 November 2007 - 05:24 PM

Hi


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#5 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 December 2007 - 06:18 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·