1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

mediapipe

Discussion in 'Virus & Other Malware Removal' started by Richport, Dec 29, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    I have the same problem here's my log

    Logfile of HijackThis v1.99.1
    Scan saved at 6:12:34 PM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\brsvc01a.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\brss01a.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINNT\system32\BRMFRSMG.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ItBill\itbill.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\AMERIC~2.0\waol.exe
    C:\PROGRA~1\AMERIC~2.0\shellmon.exe
    C:\PROGRA~1\AMERIC~2.0\aolwbspd.exe
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?4063b0f3543848528f8e4a7d9898189a
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?4063b0f3543848528f8e4a7d9898189a
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.4.34/harvest/harvest-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.28/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.3.36/penguins/penguins-ob-assets.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://aolsvc.aol.com/onlinegames/trytrijinx/TriJinx.1.0.0.58.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129689152078
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129689110687
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://wb.smarthinking.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A91422C7-2002-423E-B7EA-83D484DDD321}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\System32\brsvc01a.exe
    O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have jumped anothers thread – next time start your own thread

    Add remove programs – remove, if present - MyWeb Search – Media Pipe – P2PNetworking

    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\ItBill
    C:\Program Files\MediaPipe
    C:\Program Files\P2PNetworking

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  3. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    My apologies and Thank You.

    I'm still having problems but I'll start a new thread on it.:eek:
     
  4. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    I have a gateway xp . Media pipe accidently ended up on my computer only to realize that wether I load it or not I will be charged. So of course, I decided since I wasn't loading it I had to do something; I discovered your website. Frustrated I loaded hijack and sent my logfile through someone else's thread, without reading the cardinal rule. Anyway someone responded and I tried to continue the instructions but my problem still continues slightly differently.

    I followed all the instructions but I got stuck at:
    START – RUN – type in %temp% OK - Edit – Select all – File – Delete
    It keeps stating that it can not delete because 4D122E84-F372-4351-A5AA-5688EF0485AC.dat is being used by a person or program.

    So what do I do next??? Also, my system is running very slow any ideas???
     
  5. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,146
    Hi Richport

    I have merged your posts to one thread, and moved it to the Security forum where you should receive more assistance.
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hi Richport, and welcome.

    I'll add to the above post by saying that once you receive instructions, post BACK to the SAME thread as the person who was helping you has no way of being notified that you started a new thread for the SAME problem.

    Thanks :)
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    lets have a new HJT log please so we can se where we are now please
     
  8. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    Here goes the new logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:20:15 PM, on 1/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\brsvc01a.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\brss01a.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\WINNT\system32\BRMFRSMG.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\AMERIC~2.0\waol.exe
    C:\PROGRA~1\AMERIC~2.0\shellmon.exe
    C:\PROGRA~1\AMERIC~2.0\aolwbspd.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4063b0f3543848528f8e4a7d9898189a
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4063b0f3543848528f8e4a7d9898189a
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.4.34/harvest/harvest-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.28/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.3.36/penguins/penguins-ob-assets.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://aolsvc.aol.com/onlinegames/trytrijinx/TriJinx.1.0.0.58.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129689152078
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129689110687
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://wb.smarthinking.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A91422C7-2002-423E-B7EA-83D484DDD321}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\System32\brsvc01a.exe
    O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    reboot & the do the deletes that you were advised to earlier
     
  10. cbarn2982

    cbarn2982

    Joined:
    Jan 7, 2006
    Messages:
    1
    i had the same problem. i've been working on it all day-) there is another folder called adv. in the program files folder. i'm not familiar will the killbox software, but even after i got the folders deleted i still had to delete the keys related to the folders from the registry.
    they're located in the local machine/software key.
     
  11. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    What's a local machine/software key??? I have to agree with you I must be missing some other deletes I am not familiar with having to do. Unless I am told the exact file I can't figure it out and I am afraid I might end up deleting some important files that could discombobulate my computer.
     
  12. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    dvk01

    As I was advised earlier I rebooted and tried redeleting and it was no help. My system is slower than ever, and occasionally gets stuck on microsoft but mostly while in internet. Help. I must be missing some other deletes I am not aware of that are related and need to know in order to continue.
     
  13. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Post a new scan log.
     
  14. Richport

    Richport Thread Starter

    Joined:
    Dec 29, 2005
    Messages:
    19
    Logfile of HijackThis v1.99.1
    Scan saved at 1:39:55 PM, on 1/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\brsvc01a.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\brss01a.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINNT\system32\BRMFRSMG.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\AMERIC~2.0\waol.exe
    C:\PROGRA~1\AMERIC~2.0\shellmon.exe
    C:\PROGRA~1\AMERIC~2.0\aolwbspd.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

    Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

    Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter

    Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0

    \Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar

    Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

    Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3

    \OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN

    Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4063b0f3543848528f8e4a7d9898189a
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN

    Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4063b0f3543848528f8e4a7d9898189a
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32

    \Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.4.34/harvest/harvest-ob

    -assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.28/mahjong/mahjong-

    ob-assets.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.3.36/penguins/penguins

    -ob-assets.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) -

    file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

    Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) -

    http://aolsvc.aol.com/onlinegames/trytrijinx/TriJinx.1.0.0.58.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -

    http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) -

    hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?

    1129689152078
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?

    1129689110687
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) -

    hcp://system/RunExeActiveX.CAB
    O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) -

    http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -

    http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) -

    http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) -

    http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) -

    hcp://system/StartFirstControl.CAB
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) -

    http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -

    http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) -

    http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-

    dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) -

    http://wb.smarthinking.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -

    http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -

    http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -

    http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -

    http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

    http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) -

    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

    http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A91422C7-2002-423E-B7EA-83D484DDD321}: NameServer =

    205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1

    \msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1

    \COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

    C:\WINNT\System32\brsvc01a.exe
    O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation -

    C:\Program Files\Norton Internet Security\NISSERV.EXE
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation -

    C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

    C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common

    Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation -

    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

    C:\WINNT\wanmpsvc.exe
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    there is nothing obvious showing there so

    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Doubleclick WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post!

    and
    open HJT press config/misc tools and tick both boxes about empty and minor sections

    Press generate start up list and post that log back here
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/431566

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice