There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
bios black screen blue screen boot computer connection crash css dell display driver drivers email error firefox firefox 3 freeze game hard drive internet internet explorer itunes laptop lcd linux malware monitor network networking nvidia outlook outlook 2003 outlook express partition password printer problem router slow sound sprtcmd.exe startup trojan usb video virus vista windows windows xp wireless
Malware Removal & HijackThis Logs
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: MSN Block Checker???


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

Closed Thread
Page 1 of 2 1 2 >
 
Thread Tools
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
17-Mar-2007, 06:51 PM #1
Solved: MSN Block Checker??? My HiJack This log is cluttered???
Something called MSN Block Checker was sent from my friends Messenger to all her contacts....it routed us to a url where it asked for our Hotmail addy and password. Has anyone seen this? Or heard of it? Is it legit? Thanks.

BUMP
Last edited by GreenBud : 18-Mar-2007 12:45 AM.
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 12:48 AM #2
And I was wondering if someone could have a look at my HiJackThis log? I've scannned with AdAware, Spybot, Ewido, and Spyhunter and every time i run them they're picking up 100s of tracking cookies. I also use AntiVir and it deleted two 'files'

Here's my log, I would really appreciate it if someone could have a look!

Logfile of HijackThis v1.99.1
Scan saved at 9:42:31 PM, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: SpeedUpMyPC.lnk = F:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 12:54 AM #3
Hi, Please see this page, and I would also run the scanner there to check for the bad type of MSN Blocker malware:

http://www.mess.be/msnmessengerfaq/i...Messenger.html
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 01:32 AM #4
Thanks Byteman!!

It found and deleted this....


17/03/2007 2:28:23 PM: C:\System Volume Information\_restore{E4A115F6-22C3-46F5-8E85-2D77A1B30B0C}\RP394\A0023474.EXE deleted

But it also found something else it couldn't delete?? So I ran it again and it found nothing!
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 01:40 AM #5
Hi, Was there a filename with a malware name you saw?

For the one it could not delete?
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 01:50 AM #6
There was a filename, but I can't remember what it was called because I ran the Block-Checker again right away after a re-boot to see if I could get rid of it. I knew I should have wrote it down!

There's something fishy with my system because it sure isn't restarting that quick anymore
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 01:52 AM #7
Hi, Scan the computer here: And, read the directions....follow them> make sure you Save the Report...which you will be able to do when the scan finishes then copy and paste the contents of that report here in a reply.

HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
__________________
ATTN: I tend to edit my replies often, Refresh your browser pages to see added info!

My Signature links:
Donate directly to TSG to help the site-
http://www.techguy.org/donate.html

TSG's Welcome Guide- Tips, Rules, How to use TSG and more!

Is your computer going so slow you can see the electrons moving?....Post in our Hijack This and Malware Removal forum for Help!
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 01:55 AM #8
Trojan horse TR/Keygen.S


Is that about what you saw? It's not important anyhow,just scan for now.

I'll be going offline shortly, but will check here soon as I can.
Last edited by Byteman : 18-Mar-2007 02:20 AM.
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 02:40 AM #9
Thanks Byteman!...here's the report...47 'Spyware' cases and 2 'Hacking Tools and Rootkits' (uh oh)......

Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1u8uig0.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Potentially unwanted tool:Application/HideWindow.S Not disinfected C:\install\wpi\common\cmdow.exe
Potentially unwanted tool:Application/HideWindow.S Not disinfected C:\WINDOWS\system32\cmdow.exe
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 02:41 AM #10
Quote:
Originally Posted by Byteman
Trojan horse TR/Keygen.S


Is that about what you saw? It's not important anyhow,just scan for now.

I'll be going offline shortly, but will check here soon as I can.
Hmmmm...that may have been it!

I appreciate your time.
Last edited by GreenBud : 18-Mar-2007 02:54 AM.
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 12:21 PM #11
Hi, This may explain why the scan found the hacking tool items:

http://www.commandline.co.uk/cmdow/

Have you used a Symantec (Norton) program like Antivirus, in the past?

Nothing else was found but Cookies, they are normal and you will always have these.

One thing you can do:

Go to the site, follow the directions there to set the First and Third Party cookies as shown to help keep so many from remaining on the computer, etc.

I think a temp file cleanup tool would do you some good, so get this and use it as below:

I use CleanUP!, and find it an excellent way to clean up temp files.

About every 2 or 3 days, as the last thing before shutting down, I run CleanUp.

There is always a message to log off, after using it, but I sometimes do and then sometimes don't and have not noticed anything different.

Probably you should the first time.

And, the first time you run it, you will see a popup about using it in Demo mode, that is a good idea just to see how much junk you have, but then you will have to run CleanUp again, this time, tell it No, so it does it's thing. You won't get the "run in Demo mode" bit after the first time.


Note: Removing all Cookies will mean that all users of the computer who use sites like TSG that require logging in to an account, will have to manually log in with usernames and passwords at ALL places they have an account....so, be sure everyone knows all the login and passwords...

CleanUp also has a Cookie filter, where you can enter the ones you would like to keep- you will see the Cookies tab at the top of it's window.

Download Cleanup from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET

Now boot to safe mode.


Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
__________________
ATTN: I tend to edit my replies often, Refresh your browser pages to see added info!

My Signature links:
Donate directly to TSG to help the site-
http://www.techguy.org/donate.html

TSG's Welcome Guide- Tips, Rules, How to use TSG and more!

Is your computer going so slow you can see the electrons moving?....Post in our Hijack This and Malware Removal forum for Help!
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 12:28 PM #12
Hi..

I haven't used anything Symantec on this pc.

Thanks for the tip about the cookies. I'll go look that up now.

My HijackThis log is fairly clean then??
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 12:34 PM #13
Hi, Post a new HJT log.
Byteman's Avatar
Moderator with 13,761 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
18-Mar-2007, 12:40 PM #14
Hi, Also, lets see the log from this:

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
__________________
ATTN: I tend to edit my replies often, Refresh your browser pages to see added info!

My Signature links:
Donate directly to TSG to help the site-
http://www.techguy.org/donate.html

TSG's Welcome Guide- Tips, Rules, How to use TSG and more!

Is your computer going so slow you can see the electrons moving?....Post in our Hijack This and Malware Removal forum for Help!
GreenBud's Avatar
Senior Member with 107 posts.
  
Join Date: Feb 2005
Experience: Beginner
18-Mar-2007, 12:55 PM #15
Wow, Cleanup found a lot!

Here's my HijackThis log.....

***********************

Logfile of HijackThis v1.99.1
Scan saved at 9:50:01 AM, on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = F:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

********************

And here's the Uninstall Mngr list..........

********************

Ad-Aware SE Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
AirPlus XtremeG
Alt-Tab Task Switcher Powertoy for Windows XP
ANIO Service
ANIWZCS2 Service
AnyDVD
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir PersonalEdition Classic
BitComet 0.84
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
CleanUp!
ClearType Tuning Control Panel Applet
CloneDVD2
CmdHere Powertoy For Windows XP
Conexant D850 56K V.9x DFVc Modem
CONNECT Auto Update
CONNECT Player
CONNECT Player Language Pack
ConvertXtoDVD 2.1.5.173
Cucusoft MPEG/MOV/rmvb/DivX/AVI to DVD/VCD/SVCD Converter Pro 7
CyberLink InstantBurn
CyberScrub® Privacy Suite™ 4.2 Professional
dBpowerAMP FLAC Codec
dBpowerAMP Music Converter
Dell ResourceCD
DVD Suite
ewido anti-malware
FileSpecs plug-in for Ad-Aware SE
Half-Life(R) 2
HexDump plug-in for Ad-Aware SE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB903234)
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
HTML Slideshow Powertoy for Windows XP
IconChanger
Image Resizer Powertoy for Windows XP
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.82 Full
LabelPrint 2.0
LifeGlobe Sharks, Terrors of the Deep
LSP Explorer plug-in for Ad-Aware SE
Magnifier Powertoy for Windows XP
MaxBlast 4
MediaShow 3.0
Messenger-Control plug-in for Ad-Aware SE
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.2)
Nero 6 Ultra Edition
Nero 7 Premium
Nero Digital
OE/W Messengerctrl plug-in for Ad-Aware SE
OpenMG Secure Module 4.3.00
Panda ActiveScan
PhotoNow! 1.0
Power2Go 5.0
PowerBackup 2.5
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerISO
PowerProducer
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901214)
Slideshow Generator Powertoy for Windows XP
Sound Blaster Audigy 2
SpeedUpMyPC Trial
Spybot - Search & Destroy 1.4
SpyHunter
Steam(TM)
Timershot Powertoy for Windows XP
Trojan Remover 6.5.3
Tweak-SE plug-in for Ad-Aware SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
UVU Media Player
Video Convert Master v6.0
VideoLAN VLC media player 0.8.6
Virtual Desktop Manager Powertoy for Windows XP
VX2 Cleaner plug-in for Ad-Aware SE
WinAVIVideoConverter
Windows Genuine Advantage Validation
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Hotfix - KB895181
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896626
WinRAR archiver
xplorer² professional

************************

Thanks!
Closed Thread
Page 1 of 2 1 2 >

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who help people like you solve computer problems. See our Welcome Guide to get started.



Thread Tools


Related Sites: 56k Dial-Up | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 01:12 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.