Solved: 7th level, what is it, and it is bad

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

justfoo

Thread Starter
Joined
Dec 31, 2004
Messages
242
Hi, I've discovered a folder called 7thlevel in my c:\program files folder, and have also seen files named like it in different places in my Windows folder. What is this guy? It doesn't show up in my Add/Remove Programs list. Is it a game, and can I just delete the files? This would be tough as it seems there are a lot of them.
Thanks in advance.
 

justfoo

Thread Starter
Joined
Dec 31, 2004
Messages
242
Hi Gerry, thanks for the reply.
I did a search; right-clicking/Properties on the files didn't tell me much.
Here is where I found them:
C:\Program files\7thlevel
C:\WINDOWS\SYSTEM32\7thLevel

I also discovered it in the registry as well:
HKEY_CURRENT_USER
SOFTWARE
MICROSOFT
Searchassistant
5603 Name 000 Type RG_SZ Data 7thlevel
5604 Name 000 Type RG_SZ Data 7thlevel
HKEY_LOCAL_MACHINE
SOFTWARE
7th Level Inc,
7th Level Media Player
Agent7
7thlevel
There are some others, but I think they're in a windows system restore area, and I won't bother you with them.

I visited the website you mentioned; it's more like an adware site as far as I could determine, with no way to contact 7thlevel or find out more, as well as its cheesy little pop-up when you exit the website, grrr.

Anyway thanks again Gerry, I'm hoping it's not some as yet undiscovered malicious spyware system of some sort hehe. And that I can just go ahead and delete the folders and the registry entries at some point when I get brave enough.
P.S. Don't know if I entered this reply twice, as when I went to send the first reply I was told I was logged in. Oh well.
 
Joined
May 16, 2003
Messages
4,092
I would just delete them, but would like to know how they got there.
Try running "adaware and spybot". These two programs are safe to use and will clean a large number of uninvited guests from your computer. For the URLs look here: http://forums.techguy.org/t110854.html. Pop back and let us know how you get on.
 
Joined
Jul 26, 2002
Messages
46,331
I have moved this to the Security forum.

Please post the Hijack This log as requested.
 

justfoo

Thread Starter
Joined
Dec 31, 2004
Messages
242
Hey Gerry and all, did what you told me, and ran HijackThis. Here is what I got:
Logfile of HijackThis v1.99.0
Scan saved at 10:41:46 PM, on 1/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ProcessSuite\Common\NTServApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\MiscPrograms\PRINTKEY\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Winwall\Winwall.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iolo\Search and Recover\DiskImageService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\MiscPrograms\SpyWare\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webmail.telusplanet.net/horde/imp/login.php?webmail=4cf9b3a37c3ced296c65500e11fbe146
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.telusplanet.net/horde/imp/login.php?webmail=4cf9b3a37c3ced296c65500e11fbe146
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webmail.telusplanet.net/horde/imp/login.php?webmail=4cf9b3a37c3ced296c65500e11fbe146
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.telusplanet.net/horde/imp/login.php?webmail=4cf9b3a37c3ced296c65500e11fbe146
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Search and Recover Disk Image Service] C:\Program Files\iolo\Search and Recover\DiskImageService.exe
O4 - Startup: Printkey2000.exe.lnk = C:\MiscPrograms\PRINTKEY\Printkey2000.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Winwall Autostart.lnk = C:\Program Files\Winwall\Winwall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E966BD98-AAC4-4968-BECE-02CE7895A08C}: NameServer = 199.185.220.36 199.185.220.52
O23 - Service: APACS+ OPC Device Server - Siemens - C:\Program Files\ProcessSuite\OPCDeviceServer\APACSOPCDeviceServer.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Adroit Eventlog - Unknown - C:\Adroit\ELService.exe (file missing)
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\ProcessSuite\Common\NTServApp.exe
O23 - Service: InSQL Control - Wonderware Corporation - C:\Program Files\ProcessSuite\Historian\Server\InSQLCntlSvc.exe
O23 - Service: InSQL DbServer - Wonderware Corp. - C:\Program Files\ProcessSuite\Historian\Server\PdsSrv.exe
O23 - Service: InSQL Event System - Wonderware Corp. - C:\Program Files\ProcessSuite\Historian\Server\eventsys.exe
O23 - Service: InSQL IODriver - Wonderware Corporation - C:\Program Files\ProcessSuite\Historian\Server\IODriver.exe
O23 - Service: M-BUS/M-NET Administration - Siemens Energy & Automation - C:\Program Files\ProcessSuite\MBUSDRVR\mcontrol.exe
O23 - Service: APACS+ NIM32 - Siemens Energy & Automation, Inc. - C:\Program Files\ProcessSuite\NIM\Nim32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink - Invensys Systems, Inc. - C:\Program Files\ProcessSuite\Common\slssvc.exe
O23 - Service: VNC Server - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe
O23 - Service: Wonderware Logger - Wonderware Corporation - C:\Program Files\ProcessSuite\Common\wwlogsvc.exe
O23 - Service: Wonderware NetDDE Helper - Invensys Systems, Inc. - C:\Program Files\ProcessSuite\Common\wwnetdde.exe
O23 - Service: WwRpcSvr - Wonderware Corporation - C:\WINDOWS\System32\wwinstsvc.exe
 
Joined
Jul 26, 2002
Messages
46,331
I don't see anything in your log.

I don't know of any security threats related to this, but if you want to remove it, delete the 7th level files and folders and delete those entries in the registry. You may have to delete the folder in safe mode.

How to start your computer in safe mode
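The log check discussed above, as an added example that is not part of the original thread: a small Python triage that parses HijackThis-style lines, looks for any running process or autostart entry that mentions a given name, and lists entries whose target file is reported absent. The sample lines are copied from the log posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\winvnc.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O23 - Service: Adroit Eventlog - Unknown - C:\Adroit\ELService.exe (file missing)
O23 - Service: VNC Server - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O4 - ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")            # bare path under "Running processes:"
ORPHAN = ("(file missing)", "(no file)")         # markers that appear in the log above


def _norm(text):
    """Lower-case and drop spaces so '7th Level' also matches '7thLevel'."""
    return text.lower().replace(" ", "")


def parse(log):
    """Return (processes, entries); entries are (section_code, text) tuples."""
    processes, entries = [], []
    for line in log.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, entries


def references(log, needle):
    """Processes and entries that mention `needle` (8.3 short paths are not expanded)."""
    key = _norm(needle)
    processes, entries = parse(log)
    return ([p for p in processes if key in _norm(p)],
            [e for e in entries if key in _norm(e[1])])


def orphans(log):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse(log)[1] if e[1].endswith(ORPHAN)]


if __name__ == "__main__":
    print("7th Level references:", references(SAMPLE_LOG, "7th Level"))
    for code, text in orphans(SAMPLE_LOG):
        print("orphaned:", code, text)
```

An empty result from `references` means only that nothing in the log loads from a matching path; it says nothing about files that sit on disk without an autostart entry.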
 

justfoo

Thread Starter
Joined
Dec 31, 2004
Messages
242
Hi guys, just thought I'd follow up to end this thread.
I finally got brave enough to delete all the registry entries, files and folders regarding 7thlevel with no ill effects to my PC. (y)

Again, many thanks for your guidance.
DF
 