
Oh, me too!!

Discussion in 'Virus & Other Malware Removal' started by Simps_27, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    I was referred here, and here goes my pasting!!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:31 PM, on 08/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\{742E853A-0469-1033-0726-020002}\Update.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equiman.com/
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: policies - C:\WINDOWS\system32\jtj0071me.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Heeeellllp!!!!! (Thank-you)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome to TSG! :)

    I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
    It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    Please continue in this thread.

    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with this yet!

    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.


    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application.." ...then do one of the following:

    1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
    2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
    Do not run the fix portion without fixing the error first.
    After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi Welcome to TSG!!

    I've moved your post to a thread of your own so please reply here.

    • Please download Look2Me-Destroyer to your desktop.
    • Close all windows before continuing.
    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds.
    • Click OK.
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
      Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    • Your computer will then shut down.
    • Turn your computer back on.

      If you receive a message from your firewall about this program accessing the internet please allow it.

      If you receive a runtime error '339' please download MSWINSCK.OCX from the link below
      and place it in your C:\Windows\System32 Directory.
      http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


    Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    LOL CT ;) I merged our splits.
     
  5. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    I didn't even see the immediate post after mine, but saw the 2nd one. So did that.

    I am now getting security system (for computers) pop ups now, hope it doesn't have anything to do with this site... here's my latest HijackThis scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:37:50 PM, on 08/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\Common Files\{742E853A-0469-1033-0726-020002}\Update.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equiman.com/
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\jtj0071me.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post the contents of C:\Look2Me-Destroyer.txt
     
  7. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    Sorry, here it is!!!


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 08/08/2006 1:48:01 PM

    Infected! C:\WINDOWS\system32\jtj0071me.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP689\A0047833.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP689\A0047856.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP689\A0047863.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP689\A0047867.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP689\A0047874.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP690\A0047880.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP690\A0047887.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP690\A0047895.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047912.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047913.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047921.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047922.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047930.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP691\A0047931.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP692\A0047948.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP692\A0047949.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP692\A0047959.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP692\A0047960.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0047995.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0047996.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0048010.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0048011.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0048018.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0048026.dll
    Infected! C:\System Volume Information\_restore{8AD83349-AABF-447D-8F8A-E298B9A263BA}\RP693\A0049029.dll
    Infected! C:\WINDOWS\system32\cbvfat.dll
    Infected! C:\WINDOWS\system32\fpn0035me.dll
    Infected! C:\WINDOWS\system32\ir0ol5d31.dll
    Infected! C:\WINDOWS\system32\jtj0071me.dll
    Infected! C:\WINDOWS\system32\uhrv42a.dll
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please now do Cheeseball81's post.
     
  9. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    Okie, thanks.

    I'll be back!
     
  10. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    Yup, I am totally lost....no idea. I got to right clicking that 2nd link, but don't think I saved the first thing right...?
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Do this instead

    Download --> click on the link --> AlcanShorty_en.exe to your desktop. Click Download on the next page, you'll have to scroll down on the page a bit to see it.

    Double click the alcanShorty.exe file and follow prompts.
    It will make a folder on desktop called Alcan Shorty
    Open the folder & double click the run.bat

    This will download a file called BFU.exe and a BFU script. If your firewall asks for permission to connect then allow it.

    A message box will pop up saying complete. Press OK
    Then BFU.exe will open.

    Select the option to show log at completion.

    Execute the script by clicking the Execute button.
    Note that you should see a progress bar while the script is being executed.

    When the script has finished press copy & that will make a copy of the report in your clipboard.
    Paste that log back here.
     
  12. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    I ended up getting BFU working, just couldn't get out of safe mode, ha ha better now!

    Do I still need to do that other option?


    BFU v1.00.9
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 2:40:38 PM, on 08/08/2006

    Option Unload Explorer: Yes
    Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
    Failed: ServiceStop Network Monitor (service not found)
    Failed: ServiceStop cmdService (service not found)
    Failed: ServiceDisable Network Monitor (service not found)
    Failed: ServiceDisable cmdService (service not found)
    Failed: ServiceDelete Network Monitor (service not found)
    Failed: ServiceDelete cmdService (service not found)
    Failed: FolderSetAttributes C:\WINDOWS\system32|A (operation failed)
    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
    Option pause between commands: 300 ms
    Option pause between commands: 50 ms
    Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
    Failed: FolderDelete C:\Program Files\winupdate (folder not found)
    Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
    Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
    Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
    Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
    Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
    Failed: FolderDelete C:\DOCUME~1\admin\LOCALS~1\Temp\Cookies (operation failed)
    Failed: FolderDelete C:\DOCUME~1\admin\LOCALS~1\Temp\History (operation failed)
    Failed: FolderDelete C:\DOCUME~1\admin\LOCALS~1\Temp\Temporary Internet Files (operation failed)
    Failed: FileDelete C:\DOCUME~1\admin\LOCALS~1\Temp\~DF39DD.tmp (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\Cookies (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\History (operation failed)
    Failed: FolderDelete C:\WINDOWS\Temp\Temporary Internet Files (operation failed)
    Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
    Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
    Failed: FolderDelete C:\Program Files\Update06 (folder not found)
    Failed: FolderDelete C:\Program Files\Update03 (folder not found)
    Failed: FolderDelete C:\Program Files\Update04 (folder not found)
    Failed: FolderDelete C:\Program Files\Update08 (folder not found)
    Failed: FolderDelete C:\Program Files\W-Update (folder not found)
    Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
    Failed: FolderDelete C:\Program Files\Cas (folder not found)
    Failed: FolderDelete C:\Program Files\CasStub (folder not found)
    Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
    Failed: FolderDelete C:\Program Files\ipwins (folder not found)
    Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
    Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
    Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
    Failed: FolderDelete C:\Program Files\SDVita (folder not found)
    Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
    Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
    Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
    Script completed.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post your HJT log again.
     
  14. Simps_27

    Simps_27 Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    7
    :)

    I don't think I've said thank-you enough yet!

    Thanks!!


    Logfile of HijackThis v1.99.1
    Scan saved at 5:46:26 PM, on 08/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\{742E853A-0469-1033-0726-020002}\Update.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equiman.com/
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\bin\npjava131_04.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0516EC2E-8CB8-4A46-A3D3-3D73C12A4825}: NameServer = 204.187.23.65 192.197.167.190
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\lvlq0935e.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You're welcome.

    Please do this now.
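The three HijackThis logs in this thread differ mainly in their O20 (Winlogon Notify) lines, and the Look2Me-Destroyer report names one of the DLLs listed there. As an added example (not part of any post, and not code from HijackThis or Look2Me-Destroyer), this Python script compares the O20 entries across the scans and checks them against the scanner's "Infected!" list; the function names are illustrative, and the embedded inputs are excerpts copied from the logs above.

```python
import ntpath
import re

# Excerpts from the thread: O20 lines of each HijackThis scan, keyed by scan time.
SCANS = {
    "12:59:31 PM": r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\jtj0071me.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "1:37:50 PM": r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\jtj0071me.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "5:46:26 PM": r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\lvlq0935e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
}

# Excerpt from the thread: system32 hits in the Look2Me-Destroyer report (1:48:01 PM).
SCANNER_REPORT = r"""
Infected! C:\WINDOWS\system32\jtj0071me.dll
Infected! C:\WINDOWS\system32\cbvfat.dll
Infected! C:\WINDOWS\system32\fpn0035me.dll
Infected! C:\WINDOWS\system32\ir0ol5d31.dll
Infected! C:\WINDOWS\system32\uhrv42a.dll
"""

O20 = re.compile(r"^\s*O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>\S.*?)\s*$")
INFECTED = re.compile(r"^\s*Infected!\s+(?P<path>\S.*?)\s*$")


def parse_o20(log):
    """Return {notify key name: lower-cased DLL path} for one HijackThis log."""
    entries = {}
    for line in log.splitlines():
        m = O20.match(line)
        if m:
            entries[m["key"]] = m["dll"].lower()
    return entries


def parse_infected(report):
    """Return the set of lower-cased paths on 'Infected!' lines."""
    return {m["path"].lower() for line in report.splitlines()
            if (m := INFECTED.match(line))}


def triage(scans, infected):
    """Split O20 entries into those identical in every scan and those that changed."""
    parsed = {label: parse_o20(log) for label, log in scans.items()}
    stable = set.intersection(*(set(e.items()) for e in parsed.values()))
    findings = []
    for label, entries in parsed.items():
        for key, dll in entries.items():
            if (key, dll) in stable:
                continue
            verdict = ("flagged by scanner" if dll in infected
                       else "not in scanner report")
            findings.append((label, key, ntpath.basename(dll), verdict))
    return sorted(key for key, _ in stable), findings


def names_per_dll(scans):
    """DLLs that were registered under more than one notify key name."""
    seen = {}
    for log in scans.values():
        for key, dll in parse_o20(log).items():
            seen.setdefault(ntpath.basename(dll), set()).add(key)
    return {dll: sorted(keys) for dll, keys in seen.items() if len(keys) > 1}


if __name__ == "__main__":
    stable_keys, changed = triage(SCANS, parse_infected(SCANNER_REPORT))
    print("unchanged in every scan:", ", ".join(stable_keys))
    for row in changed:
        print("changed: scan %s, key %r -> %s (%s)" % row)
    print("same DLL under several key names:", names_per_dll(SCANS))
```

An entry reported as "not in scanner report" only means the scanner output predates it or did not list it; it is a prompt to rescan, not a verdict.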

     

Short URL to this thread: https://techguy.org/490502
