Solved: MSN Block Checker???

Discussion in 'Virus & Other Malware Removal' started by GreenBud, Mar 17, 2007.

Thread Status:
Not open for further replies.
  1. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Something called MSN Block Checker was sent from my friend's Messenger to all her contacts....it routed us to a URL where it asked for our Hotmail addy and password. Has anyone seen this? Or heard of it? Is it legit? Thanks.

    BUMP
     
  3. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    And I was wondering if someone could have a look at my HiJackThis log? I've scanned with AdAware, Spybot, Ewido, and Spyhunter and every time I run them they're picking up 100s of tracking cookies. I also use AntiVir and it deleted two 'files'.

    Here's my log, I would really appreciate it if someone could have a look! :)

    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:31 PM, on 17/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\BitComet\BitComet.exe
    F:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SpeedUpMyPC.lnk = F:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
  5. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Thanks Byteman!!

    It found and deleted this....


    17/03/2007 2:28:23 PM: C:\System Volume Information\_restore{E4A115F6-22C3-46F5-8E85-2D77A1B30B0C}\RP394\A0023474.EXE deleted

    But it also found something else it couldn't delete?? So I ran it again and it found nothing!
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Was there a filename with a malware name you saw?

    For the one it could not delete?
     
  7. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    There was a filename, but I can't remember what it was called because I ran the Block-Checker again right away after a re-boot to see if I could get rid of it. I knew I should have written it down!

    There's something fishy with my system because it sure isn't restarting that quick anymore :(
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, scan the computer here, and read the directions and follow them. Make sure you save the report, which you will be able to do when the scan finishes, then copy and paste the contents of that report here in a reply.

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
  9. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Trojan horse TR/Keygen.S


    Is that about what you saw? It's not important anyhow, just scan for now.

    I'll be going offline shortly, but will check here soon as I can.
     
  10. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Thanks Byteman!...here's the report...47 'Spyware' cases and 2 'Hacking Tools and Rootkits' (uh oh)......

    Incident Status Location

    Potentially unwanted tool:Application/HideWindow.S Not disinfected C:\install\wpi\common\cmdow.exe
    Potentially unwanted tool:Application/HideWindow.S Not disinfected C:\WINDOWS\system32\cmdow.exe
     
  11. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Hmmmm...that may have been it!

    I appreciate your time.
     
  12. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, This may explain why the scan found the hacking tool items:

    http://www.commandline.co.uk/cmdow/

    Have you used a Symantec (Norton) program like Antivirus, in the past?

    Nothing else was found but Cookies, they are normal and you will always have these.

    One thing you can do:

    Go to the site, follow the directions there to set the First and Third Party cookies as shown to help keep so many from remaining on the computer, etc.

    I think a temp file cleanup tool would do you some good, so get this and use it as below:

    I use CleanUP!, and find it an excellent way to clean up temp files.

    About every 2 or 3 days, as the last thing before shutting down, I run CleanUp.

    There is always a message to log off, after using it, but I sometimes do and then sometimes don't and have not noticed anything different.

    Probably you should the first time.

    And, the first time you run it, you will see a popup about using it in Demo mode. That is a good idea just to see how much junk you have, but then you will have to run CleanUp again; this time, tell it No, so it does its thing. You won't get the "run in Demo mode" bit after the first time.


    Note: Removing all Cookies will mean that all users of the computer who use sites like TSG that require logging in to an account, will have to manually log in with usernames and passwords at ALL places they have an account....so, be sure everyone knows all the login and passwords...

    CleanUp also has a Cookie filter, where you can enter the ones you would like to keep; you will see the Cookies tab at the top of its window.

    Download Cleanup from here

    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET

    Now boot to safe mode.


    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.
     
  13. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Hi..

    I haven't used anything Symantec on this pc.

    Thanks for the tip about the cookies. I'll go look that up now.

    My HijackThis log is fairly clean then??
     
  14. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Post a new HJT log.
     
  15. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Also, let's see the log from this:

    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
     
  16. GreenBud

    GreenBud Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    131
    Wow, Cleanup found a lot!

    Here's my HijackThis log.....

    ***********************

    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:01 AM, on 18/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    F:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: SpeedUpMyPC.lnk = F:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    ********************

    And here's the Uninstall Mngr list..........

    ********************

    Ad-Aware SE Professional
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Reader 7.0.8
    AirPlus XtremeG
    Alt-Tab Task Switcher Powertoy for Windows XP
    ANIO Service
    ANIWZCS2 Service
    AnyDVD
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avira AntiVir PersonalEdition Classic
    BitComet 0.84
    Broadcom Gigabit Integrated Controller
    Calculator Powertoy for Windows XP
    CleanUp!
    ClearType Tuning Control Panel Applet
    CloneDVD2
    CmdHere Powertoy For Windows XP
    Conexant D850 56K V.9x DFVc Modem
    CONNECT Auto Update
    CONNECT Player
    CONNECT Player Language Pack
    ConvertXtoDVD 2.1.5.173
    Cucusoft MPEG/MOV/rmvb/DivX/AVI to DVD/VCD/SVCD Converter Pro 7
    CyberLink InstantBurn
    CyberScrub® Privacy Suite™ 4.2 Professional
    dBpowerAMP FLAC Codec
    dBpowerAMP Music Converter
    Dell ResourceCD
    DVD Suite
    ewido anti-malware
    FileSpecs plug-in for Ad-Aware SE
    Half-Life(R) 2
    HexDump plug-in for Ad-Aware SE
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows XP (KB889527)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB903234)
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
    hp psc 2200 series
    HTML Slideshow Powertoy for Windows XP
    IconChanger
    Image Resizer Powertoy for Windows XP
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    K-Lite Codec Pack 2.82 Full
    LabelPrint 2.0
    LifeGlobe Sharks, Terrors of the Deep
    LSP Explorer plug-in for Ad-Aware SE
    Magnifier Powertoy for Windows XP
    MaxBlast 4
    MediaShow 3.0
    Messenger-Control plug-in for Ad-Aware SE
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office Professional Edition 2003
    Microsoft Windows Journal Viewer
    Mozilla Firefox (2.0.0.2)
    Nero 6 Ultra Edition
    Nero 7 Premium
    Nero Digital
    OE/W Messengerctrl plug-in for Ad-Aware SE
    OpenMG Secure Module 4.3.00
    Panda ActiveScan
    PhotoNow! 1.0
    Power2Go 5.0
    PowerBackup 2.5
    PowerDirector Express
    PowerDVD
    PowerDVD Copy 1.0
    PowerISO
    PowerProducer
    QuickTime
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900930)
    Security Update for Windows XP (KB901214)
    Slideshow Generator Powertoy for Windows XP
    Sound Blaster Audigy 2
    SpeedUpMyPC Trial
    Spybot - Search & Destroy 1.4
    SpyHunter
    Steam(TM)
    Timershot Powertoy for Windows XP
    Trojan Remover 6.5.3
    Tweak-SE plug-in for Ad-Aware SE
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    UVU Media Player
    Video Convert Master v6.0
    VideoLAN VLC media player 0.8.6
    Virtual Desktop Manager Powertoy for Windows XP
    VX2 Cleaner plug-in for Ad-Aware SE
    WinAVIVideoConverter
    Windows Genuine Advantage Validation
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Hotfix - KB895181
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB884883
    Windows XP Hotfix - KB885222
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885626
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB886716
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888240
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB896626
    WinRAR archiver
    xplorer² professional

    ************************

    Thanks!
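
Added example, not part of the thread and not any poster's code: a small Python parser for the HijackThis log format posted above, used to diff the 17 March and 18 March logs so a helper can see what changed between scans. The embedded logs are trimmed excerpts of the two logs in the posts; the function names and the review-hint rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Trimmed excerpts of the two HijackThis v1.99.1 logs posted in this thread.
LOG_17_MARCH = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:42:31 PM, on 17/03/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - Global Startup: officejet 6100.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_18_MARCH = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:50:01 AM, on 18/03/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every finding line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into its process list and its section entries."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process list
        elif line == "Running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def diff_logs(before, after):
    """Report entries and processes that appeared or disappeared between scans."""
    b = {(c, e) for c, es in before["entries"].items() for e in es}
    a = {(c, e) for c, es in after["entries"].items() for e in es}
    # Windows paths are case-insensitive (the logs mix System32/system32).
    pb = {p.lower() for p in before["processes"]}
    pa = {p.lower() for p in after["processes"]}
    return {
        "added": sorted(a - b),
        "removed": sorted(b - a),
        "processes_started": sorted(pa - pb),
        "processes_stopped": sorted(pb - pa),
    }


def review_hints(parsed):
    """Flag entries worth a manual look. These are triage hints, not verdicts."""
    hints = []
    for entry in parsed["entries"].get("O4", []):
        # Run keys read "...Run: [name] command"; shortcuts read "x.lnk = target".
        sep = "] " if "Run: [" in entry else " = "
        target = entry.split(sep, 1)[-1]
        if target == "?":
            hints.append(("O4", "shortcut target could not be resolved", entry))
        elif "\\" not in target:
            hints.append(("O4", "no full path; resolved through the search path", entry))
    for entry in parsed["entries"].get("O23", []):
        if " - Unknown owner - " in entry:
            hints.append(("O23", "HijackThis reports 'Unknown owner'", entry))
    return hints


if __name__ == "__main__":
    first, second = parse_hjt(LOG_17_MARCH), parse_hjt(LOG_18_MARCH)
    for kind, items in diff_logs(first, second).items():
        for item in items:
            print(kind, item)
    for code, reason, entry in review_hints(second):
        print("review", code, reason, "->", entry)
```

On the excerpts, the diff shows the SpyHunter Run entry and the unresolved officejet shortcut gone and the Panda ActiveScan O16 control added, which matches the steps taken in the thread.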
     

Short URL to this thread: https://techguy.org/552519