1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Need Help, can't delete Program (HJT log included)

Discussion in 'Virus & Other Malware Removal' started by crownpetrol, Jul 13, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    I have been trying to uninstall Roxio Easy media Creator, and I can't seem to delete it all the way. It also seems like when I installed Roxio, it automatically installed something called Sonic Cineplayer DVD Decoder. I searched for all the files I can on this, and there are some I still can't delete. I really need help because an install prompt for Cineplayer keeps coming up and I can't get it to stop. I followed instructions from someone else's post and pasted a hijack this log. Also there is an icon for Cineplayer DVD Decoder in my Control Panel, but it does not have an option for me to delete it. Is there a way to get rid of it? Thank you in advance for any help.

    Hijack This Log

    C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    You cut off the top of your log please post it again.
     
  3. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    Sorry, Rookie mistake. Here's the whole thing.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:15:41 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
    C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\Program Files\Trend Micro\Antivirus\pccguide.exe
    C:\Program Files\Trend Micro\Antivirus\PCClient.exe
    C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  4. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    And thanks again for the help!
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKLM\..\RunServices: [Windows Mode Verifier] setup.exe

    Close all applications and browser windows before you click "fix checked".


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  6. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    I finished everything, but when Combofix was finished it didn't produce it's own log. It was kind of wierd because right before it was done it said it was going to and also gave me a location for the log. I waited a couple of minutes after the program closed, but nothing popped up. Anyways, I looked at the location in my C Drive and there were 2 combofix logs. One was titled Combofix, and the other was Combofix quarantine. I'll post both of those then my Hijack this log. Thanks Again.

    Combofix Log

    "Casey *****" - 2007-07-14 15:46:51 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com
    C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\CASEYA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Program Files\newdotnet
    C:\Program Files\newdotnet\newdotnet6_38.dll
    C:\Program Files\newdotnet\readme.html
    C:\Program Files\newdotnet\uninstall6_38.exe
    C:\Program Files\Xilisoft\Audio Converter\lang\_desktop.ini
    C:\Program Files\Xilisoft\Audio Converter\Plugins\_desktop.ini
    C:\Program Files\Xilisoft\Audio Converter\skin\Default\_desktop.ini
    C:\WINDOWS\NDNuninstall6_38.exe


    ((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


    2007-07-14 15:46 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 14:38 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Nero
    2007-07-12 23:43 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Ahead
    2007-07-12 23:39 <DIR> d-------- C:\Program Files\Nero
    2007-07-12 23:39 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-07-12 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-12 21:00 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
    2007-07-12 20:59 <DIR> d-------- C:\Program Files\MSECACHE
    2007-07-12 18:42 <DIR> d-------- C:\Program Files\InterActual
    2007-07-12 18:16 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
    2007-07-12 18:13 <DIR> d-------- C:\Program Files\SightSpeed
    2007-07-10 03:58 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\e frontier
    2007-07-10 03:49 <DIR> d-------- C:\Program Files\e frontier
    2007-07-10 03:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-07-10 03:09 <DIR> d-------- C:\Program Files\MagicISO
    2007-07-09 19:16 <DIR> d-------- C:\Program Files\Tong-its
    2007-07-04 22:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 22:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-04 22:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-03 20:28 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2007-07-03 20:28 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
    2007-07-03 20:28 200,704 --a------ C:\WINDOWS\system32\DetectDriver.exe
    2007-07-03 20:28 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-07-03 20:28 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2007-07-03 20:28 <DIR> d-------- C:\Program Files\Dynex Wireless G Adapter
    2007-06-28 04:47 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-28 04:47 <DIR> d-------- C:\Program Files\Xvid
    2007-06-28 01:57 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2007-06-28 01:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
    2007-06-26 21:40 <DIR> d-------- C:\DOCUME~1\CASEYA~1\APPLIC~1\Motive
    2007-06-26 21:31 <DIR> d-------- C:\Program Files\Common Files\Motive
    2007-06-26 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    2007-06-18 16:29 <DIR> d-------- C:\Program Files\LimeWire


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-14 22:29:33 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\uTorrent
    2007-07-14 22:11:27 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-07-13 04:36:35 -------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-07-13 01:14:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-12 07:21:24 -------- d-----w C:\Program Files\iTunes
    2007-07-12 07:21:09 -------- d-----w C:\Program Files\iPod
    2007-07-12 07:07:30 -------- d-----w C:\Program Files\QuickTime
    2007-07-06 10:00:52 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\LimeWire
    2007-07-06 05:38:17 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\Apple Computer
    2007-07-02 08:16:03 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-28 08:57:27 164 ----a-w C:\install.dat
    2007-06-28 08:19:47 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-06-28 08:19:47 203,024 ----a-w C:\WINDOWS\system32\drivers\TmXPFlt.sys
    2007-06-28 08:19:47 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VSAPINT.SYS
    2007-06-22 01:43:52 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-06-22 01:43:52 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-06-22 01:43:52 160,056 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-06-10 05:29:41 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\Opera
    2007-06-05 07:42:34 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-06-05 01:12:13 -------- d-----w C:\DOCUME~1\CASEYA~1\APPLIC~1\dvdcss
    2007-06-04 07:58:26 -------- d-----w C:\Program Files\MSXML 4.0
    2007-06-04 07:04:18 -------- d-----w C:\Program Files\Xilisoft
    2007-06-04 06:51:04 -------- d-----w C:\Program Files\VideoLAN
    2007-06-04 05:52:23 -------- d-----w C:\Program Files\NCH Swift Sound
    2007-06-04 04:12:16 -------- d-----w C:\Program Files\Common Files\SightSpeed
    2007-06-04 04:10:07 -------- d-----w C:\Program Files\DivX
    2007-06-03 23:17:44 -------- d-----w C:\Program Files\Ahead
    2007-05-30 08:40:54 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-05-17 01:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-05-17 01:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-05-16 16:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 22:32:24 513,152 ----a-w C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
    2007-05-15 16:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 23:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2006-02-28 12:00:00 33,280 --sh--r C:\WINDOWS\system32\rundll32.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 21:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\Stardock\TrayServer.exe" [2003-02-14 03:57]
    "pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 15:51]
    "PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 15:51]
    "TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 15:50]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 01:06]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2004-10-12 06:00 C:\WINDOWS\system32\VTTrayp.exe]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 18:53]
    "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Verizon Custom Uninstall Tracking"="C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSaveSettings"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casey Adamo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Casey Adamo\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mode Verifier]
    setup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RoxLiveShare9"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)


    Contents of the 'Scheduled Tasks' folder
    2007-07-11 14:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 00:00:00 C:\WINDOWS\tasks\wrSpySweeper_834FE5C64A854898A1C5EBADC9E38895.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-14 15:50:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-14 15:51:57
    C:\ComboFix-quarantined-files.txt ... 2007-07-14 15:51

    --- E O F ---

    Combofix Quarantine Log

    Code:
    2006-09-02 22:15      229376    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\newdotnet6_38.dll.vir
    2006-09-02 22:15      50688    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\uninstall6_38.exe.vir
    2006-09-02 22:15      50688    --a------    C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir
    2006-09-02 22:15      6273    --a------    C:\Qoobox\Quarantine\C\Program Files\NewDotNet\readme.html.vir
    2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\lang\_desktop.ini.vir
    2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\Plugins\_desktop.ini.vir
    2006-11-07 19:18      9    --a------    C:\Qoobox\Quarantine\C\Program Files\Xilisoft\Audio Converter\skin\Default\_desktop.ini.vir
    2007-04-13 14:48      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    2007-07-11 00:04      117    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\played_list.sol.vir
    2007-07-11 00:04      4271    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\CASEYA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\CQSXVAU4\www.broadcaster.com\video_queue.sol.vir
    
    
    Folder PATH listing
    Volume serial number is 3CF7-5195
    C:\QOOBOX
    \---Quarantine
        +---C
        |   +---DOCUME~1
        |   |   \---CASEYA~1
        |   |       \---APPLIC~1
        |   |           \---Macromedia
        |   |               \---Flash Player
        |   |                   +---#SharedObjects
        |   |                   |   \---CQSXVAU4
        |   |                   |       \---www.broadcaster.com
        |   |                   |               played_list.sol.vir
        |   |                   |               video_queue.sol.vir
        |   |                   |               
        |   |                   \---macromedia.com
        |   |                       \---support
        |   |                           \---flashplayer
        |   |                               \---sys
        |   |                                   \---#www.broadcaster.com
        |   |                                           settings.sol.vir
        |   |                                           
        |   +---Program Files
        |   |   +---NewDotNet
        |   |   |       newdotnet6_38.dll.vir
        |   |   |       readme.html.vir
        |   |   |       uninstall6_38.exe.vir
        |   |   |       
        |   |   \---Xilisoft
        |   |       \---Audio Converter
        |   |           +---lang
        |   |           |       _desktop.ini.vir
        |   |           |       
        |   |           +---Plugins
        |   |           |       _desktop.ini.vir
        |   |           |       
        |   |           \---skin
        |   |               \---Default
        |   |                       _desktop.ini.vir
        |   |                       
        |   \---WINDOWS
        |           NDNuninstall6_38.exe.vir
        |           
        \---Registry_backups
    
    HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:56:32 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\Program Files\Trend Micro\Antivirus\pccguide.exe
    C:\Program Files\Trend Micro\Antivirus\PCClient.exe
    C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  8. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    Here's the SuperAntiSpyware Log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/16/2007 at 08:23 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3270
    Trace Rules Database Version: 1281

    Scan type : Complete Scan
    Total Scan Time : 02:43:01

    Memory items scanned : 435
    Memory threats detected : 1
    Registry items scanned : 5966
    Registry threats detected : 9
    File items scanned : 116679
    File threats detected : 8

    Trojan.NewDotNet-Installer
    C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL
    C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL
    C:\PROGRAM FILES\THEMEXP\THEMEXP.ORG FILE\NNWDAB638.EXE

    Trojan.NewDotNet
    HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib
    HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NEWDOTNET\UNINSTALL6_38.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044083.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044087.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{84A932B5-EF23-4F2C-AF83-120FFCF5EB58}\RP340\A0044088.EXE

    and here's a new HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:18:38 AM, on 7/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
    C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\Program Files\Trend Micro\Antivirus\pccguide.exe
    C:\Program Files\Trend Micro\Antivirus\PCClient.exe
    C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\CASEYA~1\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Dynex Wireless G Adapter WLService (Dynex Wireless Service) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Thanks Again,
    Casey
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine. How is it running now? Any problems?
     
  10. crownpetrol

    crownpetrol Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    6
    It's running a hundred times better now, but I still have that CinePlayer DVD Decoder Icon in my control panel that I can't get rid of. Also, the folder sonic shared is still in my common program files and I can't delete it. Is there anything I can do about this?
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Are you talking about removing them from add/remove programs?

    http://support.microsoft.com/kb/314481




    You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless for them to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    The OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


    Here are some additional links for you to check out to help you with your computer security.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595175

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice