Solved: Need Help, can't delete Program (HJT log included)


crownpetrol (Thread Starter, joined Jul 13, 2007, 6 messages)
I have been trying to uninstall Roxio Easy Media Creator, and I can't seem to delete it all the way. It also seems like when I installed Roxio, it automatically installed something called Sonic CinePlayer DVD Decoder. I searched for all the files I can on this, and there are some I still can't delete. I really need help because an install prompt for CinePlayer keeps coming up and I can't get it to stop. I followed instructions from someone else's post and pasted a HijackThis log. Also there is an icon for CinePlayer DVD Decoder in my Control Panel, but it does not have an option for me to delete it. Is there a way to get rid of it? Thank you in advance for any help.

Hijack This Log

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

cybertech (Retired Moderator, joined Apr 16, 2002, 72,115 messages)
Hi, Welcome to TSG!!

You cut off the top of your log please post it again.
 

crownpetrol (Thread Starter, joined Jul 13, 2007, 6 messages)

Sorry, rookie mistake. Here's the whole thing.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:41 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

cybertech (Retired Moderator, joined Apr 16, 2002, 72,115 messages)
Run HJT again and put a check in the following:

O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe

Close all applications and browser windows before you click "fix checked".


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
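An added example, not part of this thread and not a HijackThis feature: the reasoning behind singling out the `Windows Mode Verifier` line from roughly twenty O4 entries, written as a small Python triage pass over the log. It cross-checks bare filenames against the "Running processes" section (which is why `VTTimer.exe`, also listed without a path, comes out clean: the process list shows it running from `system32`), flags the Windows 9x-era `RunServices` key, a generic installer name with no path, the `O10` LSP hijack, and autostarts that live under a Temp directory. The sample lines are lifted from the log above; the weights, severity thresholds and the generic-name list are assumptions of this example, not anything HijackThis itself computes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines lifted from the HijackThis log posted in this
# thread (the "Running processes" section plus selected O4/O10 entries),
# embedded here so the script runs offline. It is not the poster's full log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Hijacked Internet access by New.Net
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
ABS_RE = re.compile(r"^[A-Za-z]:\\")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Installer-style names that have no business as a persistent autostart. Assumed list.
GENERIC_NAMES = {"setup.exe", "install.exe", "update.exe"}


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, reason: str, weight: int) -> None:
        self.reasons.append(reason)
        self.score += weight

    @property
    def severity(self) -> str:
        # Thresholds are an assumption for this example, not a HijackThis convention.
        return "high" if self.score >= 3 else "review" if self.score >= 1 else "ok"


def first_exe(cmd: str) -> str:
    """Executable part of an O4 command line: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def running_processes(log: str) -> dict:
    """Map lowercase basename -> full path for every 'Running processes' line."""
    procs = {}
    for line in log.splitlines():
        line = line.strip()
        if PROC_RE.match(line):
            procs[line.rsplit("\\", 1)[-1].lower()] = line
    return procs


def triage(log: str) -> list:
    """Score O4 autostart and O10 LSP entries; highest score first."""
    procs = running_processes(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("O10 - Hijacked"):
            f = Finding(line)
            f.add("Winsock LSP hijack: the LSP DLL is loaded into every process that uses Winsock", 3)
            findings.append(f)
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        f = Finding(line)
        exe = first_exe(m["cmd"])
        basename = exe.lower().rsplit("\\", 1)[-1]
        if "." not in basename:
            basename += ".exe"  # "RunDll32 foo.cpl,..." style entries omit the extension
        if m["key"].lower().startswith("runservices"):
            f.add("RunServices is a Windows 9x-era key; nothing current on XP should register there", 2)
        if not ABS_RE.match(exe):
            resolved = procs.get(basename)
            if resolved and "\\windows\\system32\\" in resolved.lower():
                f.add(f"bare filename, but the running copy resolves to {resolved}", 0)
            else:
                f.add("bare filename with no path and no matching running process", 2)
        if basename in GENERIC_NAMES:
            f.add(f"generic installer name '{basename}' used as a persistent autostart", 1)
        if TEMP_RE.search(exe):
            f.add("executable lives in a Temp directory", 1)
        findings.append(f)
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}")
        for r in f.reasons:
            print(f"         - {r}")
```

The output is a triage order, not a verdict: the Verizon entry lands in "review" only because it runs from Temp, and the thread treats it as harmless. The point of the cross-check against the process list is to avoid the opposite mistake of fixing every path-less entry; `VTTimer.exe` and `setup.exe` look the same in the O4 line and are told apart only by what is actually running.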

crownpetrol (Thread Starter, joined Jul 13, 2007, 6 messages)

I finished everything, but when ComboFix was finished it didn't produce its own log. It was kind of weird because right before it was done it said it was going to and also gave me a location for the log. I waited a couple of minutes after the program closed, but nothing popped up. Anyways, I looked at the location in my C drive and there were 2 ComboFix logs. One was titled Combofix, and the other was Combofix quarantine. I'll post both of those then my HijackThis log. Thanks again.

Combofix Log

"Casey *****" - 2007-07-14 15:46:51 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com
C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\played_list.sol
C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\newdotnet
C:\Program Files\newdotnet\newdotnet6_38.dll
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall6_38.exe
C:\Program Files\Xilisoft\Audio Converter\lang\_desktop.ini
C:\Program Files\Xilisoft\Audio Converter\Plugins\_desktop.ini
C:\Program Files\Xilisoft\Audio Converter\skin\Default\_desktop.ini
C:\WINDOWS\NDNuninstall6_38.exe


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-14 15:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 14:38 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Nero
2007-07-12 23:43 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Ahead
2007-07-12 23:39 <DIR> d-------- C:\Program Files\Nero
2007-07-12 23:39 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-12 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-12 21:00 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-07-12 20:59 <DIR> d-------- C:\Program Files\MSECACHE
2007-07-12 18:42 <DIR> d-------- C:\Program Files\InterActual
2007-07-12 18:16 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-07-12 18:13 <DIR> d-------- C:\Program Files\SightSpeed
2007-07-10 03:58 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\e frontier
2007-07-10 03:49 <DIR> d-------- C:\Program Files\e frontier
2007-07-10 03:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-10 03:09 <DIR> d-------- C:\Program Files\MagicISO
2007-07-09 19:16 <DIR> d-------- C:\Program Files\Tong-its
2007-07-04 22:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-04 22:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-04 22:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-03 20:28 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-07-03 20:28 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-07-03 20:28 200,704 --a------ C:\WINDOWS\system32\DetectDriver.exe
2007-07-03 20:28 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-03 20:28 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-07-03 20:28 <DIR> d-------- C:\Program Files\Dynex Wireless G Adapter
2007-06-28 04:47 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 04:47 <DIR> d-------- C:\Program Files\Xvid
2007-06-28 01:57 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-06-28 01:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-06-26 21:40 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Motive
2007-06-26 21:31 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-06-26 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-06-18 16:29 <DIR> d-------- C:\Program Files\LimeWire


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 22:29:33 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\uTorrent
2007-07-14 22:11:27 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-07-13 04:36:35 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-07-13 01:14:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 07:21:24 -------- d-----w C:\Program Files\iTunes
2007-07-12 07:21:09 -------- d-----w C:\Program Files\iPod
2007-07-12 07:07:30 -------- d-----w C:\Program Files\QuickTime
2007-07-06 10:00:52 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\LimeWire
2007-07-06 05:38:17 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\Apple Computer
2007-07-02 08:16:03 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-28 08:57:27 164 ----a-w C:\install.dat
2007-06-28 08:19:47 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-28 08:19:47 203,024 ----a-w C:\WINDOWS\system32\drivers\TmXPFlt.sys
2007-06-28 08:19:47 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VSAPINT.SYS
2007-06-22 01:43:52 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-22 01:43:52 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-22 01:43:52 160,056 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-10 05:29:41 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\Opera
2007-06-05 07:42:34 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-05 01:12:13 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\dvdcss
2007-06-04 07:58:26 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-04 07:04:18 -------- d-----w C:\Program Files\Xilisoft
2007-06-04 06:51:04 -------- d-----w C:\Program Files\VideoLAN
2007-06-04 05:52:23 -------- d-----w C:\Program Files\NCH Swift Sound
2007-06-04 04:12:16 -------- d-----w C:\Program Files\Common Files\SightSpeed
2007-06-04 04:10:07 -------- d-----w C:\Program Files\DivX
2007-06-03 23:17:44 -------- d-----w C:\Program Files\Ahead
2007-05-30 08:40:54 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-17 01:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-17 01:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 16:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 22:32:24 513,152 ----a-w C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2007-05-15 16:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 23:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-02-28 12:00:00 33,280 --sh--r C:\WINDOWS\system32\rundll32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1A:Stardock TrayMonitor"="C:\Program Files\Common Files\Stardock\TrayServer.exe" [2003-02-14 03:57]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 15:51]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 15:51]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 15:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 01:06]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-10-12 06:00 C:\WINDOWS\system32\VTTrayp.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 18:53]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Verizon Custom Uninstall Tracking"="C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casey Adamo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Casey Adamo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mode Verifier]
setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)


Contents of the 'Scheduled Tasks' folder
2007-07-11 14:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-13 00:00:00 C:\WINDOWS\tasks\wrSpySweeper_834FE5C64A854898A1C5EBADC9E38895.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 15:50:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 15:51:57
C:\ComboFix-quarantined-files.txt ... 2007-07-14 15:51

--- E O F ---

Combofix Quarantine Log

2006-09-02 22:15      229376    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\newdotnet6_38.dll.vir
2006-09-02 22:15      50688    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\uninstall6_38.exe.vir
2006-09-02 22:15      50688    --a------    C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir
2006-09-02 22:15      6273    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\readme.html.vir
2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\lang\_desktop.ini.vir
2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\Plugins\_desktop.ini.vir
2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\skin\Default\_desktop.ini.vir
2007-04-13 14:48      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-07-11 00:04      117    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\played_list.sol.vir
2007-07-11 00:04      4271    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\video_queue.sol.vir


Folder PATH listing
Volume serial number is 3CF7-5195
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   \---CASEYA~1
    |   |       \---APPLIC~1
    |   |           \---Macromedia
    |   |               \---Flash Player
    |   |                   +---#SharedObjects
    |   |                   |   \---CQSXVAU4
    |   |                   |       \---www.broadcaster.com
    |   |                   |               played_list.sol.vir
    |   |                   |               video_queue.sol.vir
    |   |                   |               
    |   |                   \---macromedia.com
    |   |                       \---support
    |   |                           \---flashplayer
    |   |                               \---sys
    |   |                                   \---#www.broadcaster.com
    |   |                                           settings.sol.vir
    |   |                                           
    |   +---Program Files
    |   |   +---NewDotNet
    |   |   |       newdotnet6_38.dll.vir
    |   |   |       readme.html.vir
    |   |   |       uninstall6_38.exe.vir
    |   |   |       
    |   |   \---Xilisoft
    |   |       \---Audio Converter
    |   |           +---lang
    |   |           |       _desktop.ini.vir
    |   |           |       
    |   |           +---Plugins
    |   |           |       _desktop.ini.vir
    |   |           |       
    |   |           \---skin
    |   |               \---Default
    |   |                       _desktop.ini.vir
    |   |                       
    |   \---WINDOWS
    |           NDNuninstall6_38.exe.vir
    |           
    \---Registry_backups

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 3:56:32 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 

crownpetrol

Thread Starter
Joined
Jul 13, 2007
Messages
6
Here's the SuperAntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 08:23 PM

Application Version : 3.9.1008

Core Rules Database Version : 3270
Trace Rules Database Version: 1281

Scan type : Complete Scan
Total Scan Time : 02:43:01

Memory items scanned : 435
Memory threats detected : 1
Registry items scanned : 5966
Registry threats detected : 9
File items scanned : 116679
File threats detected : 8

Trojan.NewDotNet-Installer
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL
C:\PROGRAM FILES\THEMEXP\THEMEXP.ORG FILE\NNWDAB638.EXE

Trojan.NewDotNet
HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32#ThreadingModel
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NEWDOTNET\UNINSTALL6_38.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044083.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044087.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044088.EXE

and here's a new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 1:18:38 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks Again,
Casey
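
The HijackThis log above is a list of autostart locations, and the entries worth checking first are the ones that run from unusual places. As an added example (not part of this thread and not HijackThis code), here is a small Python triage script that parses the O2/O4/O16/O20/O23 lines and applies a few heuristics a responder would use: binaries under a Temp or per-user profile directory (the Verizon InstallHelper.exe entry above runs from LOCALS~1\Temp at every boot), O4 entries with an unqualified filename that Windows resolves through its search path, services HJT reports as "Unknown owner", ActiveX controls pulled over plain HTTP, and every Winlogon Notify DLL, since those load into winlogon.exe as SYSTEM. The heuristics and severities are my own assumptions; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not from the forum thread or from HijackThis itself.
The heuristics below are assumptions about what a responder checks first;
a flag means "verify this entry (vendor, signature, hash)", not "delete it".
Requires Python 3.8+ (assignment expressions).
"""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    section: str        # HJT section tag: "O2", "O4", "O16", "O20", "O23"
    name: str           # run-key value name, service display name, BHO/DPF name
    path: str           # executable, DLL or URL the entry points at
    owner: str = ""     # O23 only: company from the file's version info
    raw: str = ""


@dataclass
class Finding:
    severity: str       # "high", "medium" or "info"
    reason: str
    entry: Entry


_O4 = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
_O16 = re.compile(r"^O16 - DPF: (\{[^}]+\}) \(([^)]*)\) - (\S+)$")
_O2 = re.compile(r"^O2 - BHO: (.+?) - (\{[^}]+\}) - (.+)$")

# Assumed heuristic: legitimate autoruns rarely live in temp or profile dirs.
# 8.3 short names (LOCALS~1) appear in HJT output, so they are matched too.
_SUSPECT_DIR = re.compile(
    r"\\(temp|tmp|locals~1|local settings|application data|appdata)\\", re.I)


def _command_path(cmd):
    """Executable part of an O4 command line: quoted path, else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def parse_hjt(text):
    """Return Entry objects for the autostart sections we triage; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O4.match(line):
            entries.append(Entry("O4", m.group(2), _command_path(m.group(3)), raw=line))
        elif m := _O20.match(line):
            entries.append(Entry("O20", m.group(1), m.group(2).strip(), raw=line))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m.group(1), m.group(3).strip(),
                                 owner=m.group(2).strip(), raw=line))
        elif m := _O16.match(line):
            entries.append(Entry("O16", m.group(2), m.group(3), raw=line))
        elif m := _O2.match(line):
            entries.append(Entry("O2", m.group(1), m.group(3).strip(), raw=line))
    return entries


def triage(entries):
    """Apply the heuristics; one entry can produce several findings."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O4", "O20", "O23") and _SUSPECT_DIR.search(e.path):
            findings.append(Finding("high", "runs from a temp or user-profile directory", e))
        if e.section == "O4" and "\\" not in e.path:
            findings.append(Finding("medium", "unqualified path; resolved via the search order at logon", e))
        if e.section == "O23" and e.owner.lower() == "unknown owner":
            findings.append(Finding("medium", "service binary has no company in its version info; verify signer/hash", e))
        if e.section == "O16" and not e.path.lower().startswith("https://"):
            findings.append(Finding("medium", "ActiveX control fetched over plaintext HTTP", e))
        if e.section == "O20":
            findings.append(Finding("info", "Winlogon Notify DLL loads into winlogon.exe as SYSTEM; confirm vendor", e))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


# Sample input: lines copied from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry.section} {f.entry.name}: {f.reason}\n         {f.entry.path}")
```

On the sample above the only "high" finding is the Verizon InstallHelper.exe run key, which is exactly the kind of entry a human skims past because the name looks like a vendor's. The script orders the verification work; it does not decide what is malicious, and nothing in HJT output alone can.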
 

crownpetrol

Thread Starter
Joined
Jul 13, 2007
Messages
6
It's running a hundred times better now, but I still have that CinePlayer DVD Decoder Icon in my control panel that I can't get rid of. Also, the folder sonic shared is still in my common program files and I can't delete it. Is there anything I can do about this?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Are you talking about removing them from add/remove programs?

http://support.microsoft.com/kb/314481

You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around, as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

The OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


Here are some additional links for you to check out to help you with your computer security.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools
 