1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

A variety of issues

Discussion in 'Virus & Other Malware Removal' started by timkay2, Aug 8, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Thank you so much in the past for your help. I am once again asking for your assistance. I seemed to have pick up some kind of spyware or malware. It created a new toolbar on my current one and also created two new icons on my desktop. They are titled "Online Security Guide" and "Security Troubleshooter. The properties tab reveals "thesecuritypages.com" and "testonsecurity.com" respectively. They do not show up in the add/remove programs. It also installed an icon in my systems tray telling me my computer is infected and to click on the icon to remove the infected files.

    I currently run EZ Armor for virus and firewall protection. I am including a copy of my HiJack This log and Ewido Anti-Malware log:

    Here is a copy of my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:43:04 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\OURCOM~1\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Anti-Malware Report:
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:35:32 PM, 8/8/2006
    + Report-Checksum: D920004

    + Scan result:

    C:\!KillBox\18Wheels_of_Steel-dm[1].exe -> Adware.Trymedia : Cleaned with backup
    C:\!KillBox\rqdsregj.exe -> Adware.ZenoSearch : Cleaned with backup
    C:\Documents and Settings\Our Computer\Cookies\our [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Our Computer\Cookies\our [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup


    ::Report End
     
  2. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    Hello Tinkay2...welcome to TSG!

    You are currently using HijackThis from a temporary directory, this can cause problems.
    HijackThis creates backups, these are needed in case of any recovery issues.
    Please create a directory on your C:\ drive called C:\HJT, move the HJT download into this new location and unzip HijackThis into that directory. Run the program from that directory from now on. Here are directions to do this if you require them:

    STEPS For Creating Folder

    • 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

      2. Copy the HijackThis.zip download to the new folder

      3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

    Run HJT from now on from this new folder...

    If required, you can look at this Hijackthis Folder Tutorial


    After doing this, please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Thanks again for your help. Ok, I created a Hijack this folder and extracted SmitFraud to the desktop. Here are the results of the scans:

    HiJack This results:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:17:56 PM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Microsoft Money\System\mnyschdl.exe
    C:\Program Files\Microsoft Money\System\misuser.exe
    C:\Program Files\Microsoft Money\System\mis.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\OURCOM~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Smitfraud Extraction:[/B][/B]SmitFraudFix v2.81

    Scan done at 18:14:35.43, Thu 08/10/2006
    Run from C:\Documents and Settings\Our Computer\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\regperf.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Our Computer\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OURCOM~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\IntCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    Hello timkay2....

    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

    Please download Ewido to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install Ewido by double clicking the installer.
    • Follow the prompts. Make sure that Launch Ewido is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________

    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    ______________________________

    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
    ______________________________

    Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
    • Click on Scanner
    • Click on the Settings tab.
      • Under How to act?
        Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        All checkboxes should be ticked.
      • Under Possibly unwanted software:
        All checkboxes should be ticked.
      • Under Reports:
        Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished:
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        [​IMG]
    • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.
    ______________________________

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #3 - Delete Trusted zone by typing 3 and press Enter.
    Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
    ______________________________

    Please post:
    1. c:\rapport.txt
    2. Ewido log
    3. A new HijackThis log
    Your may need several replies to post the requested logs, otherwise they might get cut off.
     
  5. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Here are the results of the programs you had me run:

    c:\rapport
    SmitFraudFix v2.81

    Scan done at 15:08:12.75, Fri 08/11/2006
    Run from C:\Documents and Settings\Our Computer\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    EWIDO:
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:19:25 PM 8/11/2006

    + Scan result:



    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F007E221-018D-4BAF-924A-B0E9092F3853} -> Adware.CreatrixMedia : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F007E221-018D-4BAF-924A-B0E9092F3853} -> Adware.CreatrixMedia : Cleaned with backup (quarantined).
    C:\!KillBox\JUSTIN2.exe -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsi5.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsm1E.dll -> Adware.EZula : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AD937E7-2F37-4873-A05E-548A67EF1D0E} -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E588AB-A5D9-4422-B313-22A3470F9700} -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AD937E7-2F37-4873-A05E-548A67EF1D0E} -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E588AB-A5D9-4422-B313-22A3470F9700} -> Adware.FlashEnhancer : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1960408961-1229272821-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1960408961-1229272821-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\svcmm32.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
    C:\!KillBox\lwinrsag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\!KillBox\v5zsk.exe -> Downloader.Agent.afi : Cleaned with backup (quarantined).
    C:\WINDOWS\stup3.exe -> Downloader.Small : Cleaned with backup (quarantined).

    ::Report end
     
  6. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:48 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\OURCOM~1\LOCALS~1\Temp\Rar$EX01.656\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  7. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    Cross post....be right back.
     
  8. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    Hello timkay2....

    Do you know what C:\Program Files\ArcadeRockstar\arcaderockstar32.exe is and do you use it? I've seen some sites label it as adware....

    1. You are currently using HijackThis from a temporary directory, this can cause problems with HJT making backups....these are needed in case of any recovery issues.

    Please create a directory on your C:\ drive called C:\HJT, move the HJT download into this new location and unzip HijackThis into that directory. Run the program from that directory from now on.

    STEPS For Creating Folder if you need them:

    • 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

      2. Copy the HijackThis.zip download to the new folder

      3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

    Run HJT from now on from this new folder...

    If required, you can also look at this Hijackthis Folder Tutorial

    2. While it is not my place to tell you what to do, you have LimeWire, a P2P/file sharing programs installed on your computer. P2P apps like it are some of the largest sources of malware we see. You'll be doing yourself a favor by removing it.

    References for the risk of these programs are here: http://www.microsoft.com/windows/ie/community/columns/protection.mspx here: http://www.techweb.com/wire/160500554 and here: http://www.internetworldstats.com/articles/art053.htm

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    3. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    4. Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

    5. Post the contents of the ActiveScan report, a new HJT log and the HJT uninstall list...once we get these results and I verify that HJT is properly placed we'll continue 'cleaning'...let me know about arcaderockstar too..
     
  9. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Logfile of HijackThis v1.99.1
    Scan saved at 6:01:17 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\OURCOM~1\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  10. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    timkay2...

    Did you see my last post?

    I do not see that you moved HJT, and I need the PandaScan results and the HJT uninstall list...

    Thanks!
     
  11. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    I took your advice and removed both Rockstar and Limewire ( I have a 14 year old that installed these).

    Here are the results from HiJack this:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:03:20 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\HJT\hijackthis\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Our Computer\Desktop\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Panda Scan Results:

    Incident Status Location

    Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet2
    Adware:adware/savenow Not disinfected c:\documents and settings\all users\application data\nsv
    Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users\application data\vidctrl
    Adware:adware/neededware Not disinfected Windows Registry
    Adware:adware/adblaster Not disinfected Windows Registry
    Adware:adware/intcodec Not disinfected Windows Registry
    Adware:adware/mediaplex Not disinfected Windows Registry
    Spyware:Spyware/SafeSurf Not disinfected C:\!KillBox\irsinst.exe[ExtractDLL.dll]
    Adware:Adware/nCase Not disinfected C:\!KillBox\nC5594Om3.dll
    Adware:Adware/BroadcastPC Not disinfected C:\!KillBox\tvs_inst.exe[TVS_B.exe]
    Adware:Adware/BroadcastPC Not disinfected C:\!KillBox\tvs_inst.exe[tvs_clean.exe]
    Adware:Adware/BroadcastPC Not disinfected C:\!KillBox\tvs_inst.exe[tvs_re_inst.exe]
    Adware:Adware/BroadcastPC Not disinfected C:\!KillBox\tvs_inst.exe[tvs_ln.exe]
    Adware:Adware/MediaTickets Not disinfected C:\!KillBox\YOINSI.exe
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-631147c9.zip[BlackBox.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-631147c9.zip[VerifierBug.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-631147c9.zip[Dummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-631147c9.zip[Beyond.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3ca13489.zip[BlackBox.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3ca13489.zip[VerifierBug.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3ca13489.zip[Dummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Our Computer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3ca13489.zip[Beyond.class]
    HiJack this Uninstall Manager save list:
    18 Wheels of Steel - Across America
    18 Wheels of Steel Pedal to the Metal
    3D Groove Playback Engine
    Ad-Aware SE Personal
    Adobe Acrobat 4.0, 5.0
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Photoshop CS
    Adobe Reader 7.0.8
    AOL Instant Messenger
    ArcSoft Camera Suite
    Battlefield 1942
    Battlefield Vietnam(TM)
    Battlefield Vietnam: WW2 Mod
    Bob the Builder - Bob's Castle Adventure
    Browser MOUSE
    CA eTrust PestPatrol
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon ZoomBrowser EX (E)
    CleanCache 3.0
    Click'N Design 3D (V5)
    Conexant SmartHSFi V.9x 56K DF PCI Modem
    Construction - Destruction
    Creative Jukebox Driver
    Creative MediaSource
    Creative Removable Disk Manager
    Creative System Information
    Creative Zen Micro
    Curious George Reading and Phonics
    Dell ResourceCD
    Delta Force - Black Hawk Down
    Diego`s Dinosaur Adventure (remove only)
    Eagle Lander 3D v211
    Elasto Mania
    eTrust EZ Armor
    ewido anti-spyware 4.0
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Video Player
    Guitar Pro 5.0
    HijackThis 1.99.1
    HP Image Zone 4.0
    HP Software Update
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer Security Plugin 2006
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    JumpStart Numbers
    Kaspersky On-line Scanner
    Knievel's Wild Ride
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Mall Tycoon
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Fighter Ace II
    Microsoft Flight Simulator 2002
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Picture It! Photo Premium 9
    Microsoft Streets and Trips 2004
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Monsters, Inc. Wreck Room Arcade
    Musicmatch® Jukebox
    NVIDIA Windows 2000/XP Display Drivers
    Panda ActiveScan
    Photosmart 320,370,7400,8100,8400 Series
    Picasa 2
    PowerDVD
    PSP Video 9 1.74
    PunkBuster for Battlefield Vietnam
    QuickTime
    Roll
    Rugrats Munchin Land
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Shockwave
    Sonic MyDVD
    Sonic RecordNow!
    SoundMAX
    Spybot - Search & Destroy 1.3
    SWAT 4 Single Player Demo
    The Fairly OddParents - Shadow Showdown (remove only)
    Tonka Garage
    Uninstall TONKA Monster Trucks
    Unreal Tournament Demo
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    WildTangent Web Driver
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    Yahoo! Anti-Spy
    Yahoo! extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger Explorer Bar
    Yahoo! Toolbar
     
  12. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    Hello timkay2...good job!

    1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    2. Please remove these entries from Add/Remove Programs in the Control Panel(if present). Click start>>control panel>>add/remove programs:

    WildTangent Web Driver
    J2SE Runtime Environment 5.0 Update 6


    3. Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    4. Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      c:\program files\common files\InetGet2
      c:\documents and settings\all users\application data\nsv
      c:\documents and settings\all users\application data\vidctrl

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    5. Update Java
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on jre-1_5_0_08-windows-i586-p to install the newest version.

    6. Post back with a new HJT log and let me know if you are still having any problems with your system!
     
  13. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    I've done what you've instructed up to the Java download. When I click the link you supplied, I am taken to a page that offers two option:

    Download J2SE Development Kit 5.0 Update 8 with NetBeans IDE 5.0 Bundle

    -OR-

    J2SE Development Kit 5.0 Update 8 和 NetBeans IDE 5.0 复合软件包下载 (简体中文)

    Which one do I select?
     
  14. cfa-ddg2

    cfa-ddg2

    Joined:
    Oct 30, 2005
    Messages:
    175
    It's the 4th one down, Java Runtime Environment (JRE) 5.0 Update 8
    The J2SE Runtime Environment (JRE) allows end-users to run Java applications.


    Can you see that one?
     
  15. timkay2

    timkay2 Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    80
    Here is what I am trying to install:

    Windows Offline Installation, Multi-language jre-1_5_0_08-windows-i586-p.exe

    It will only install to 8%, and then it stops. I'm DSL connected, so download speed shouldn't be an issue. I've tried in numerous times and it never goes past 8%. I've let in try to download for at least 20 minutes with no progress each time.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - variety issues
  1. hudstore44
    Replies:
    1
    Views:
    420
  2. catlin
    Replies:
    15
    Views:
    920
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490637

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice