
Spybot compromised and embedded viruses

Discussion in 'Virus & Other Malware Removal' started by Warlok58, Jul 27, 2006.

Thread Status:
Not open for further replies.
  1. Warlok58

    Warlok58 Thread Starter

    Joined:
    Jul 27, 2006
    Messages:
    5
    Greetings,
    This is my first posting here. The other night I ran spybot and noted that it ran through the botcheck really quickly. I then ran AVG and found Java byte viruses and a trojan. Since then I ran Adaware SE and had 243 problems. This I find galling as I try to keep on top of problems.
    I have downloaded HTJ and this is the logfile. What have I missed?

    Logfile of HijackThis v1.99.1
    Scan saved at 21:49:00, on 27/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147986517671
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Clear your java cache as described here: http://www.java.com/en/download/help/5000020300.xml


    Download Ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
    2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.


    Post a new HijackThis log and the log from Ewido.
     
  3. Warlok58

    Warlok58 Thread Starter

    Joined:
    Jul 27, 2006
    Messages:
    5
    Thanks for the help so far, this is the result of the ewido scan.
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 05:59:07 28/07/2006

    + Scan result:



    C:\Documents and Settings\Adam\Local Settings\Temp\kbeepm.sys -> Backdoor.Genlot.DX : No action taken.
    C:\Documents and Settings\Kevin\Local Settings\Temp\kbeepm.sys -> Backdoor.Genlot.DX : No action taken.
    C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\ORTZIAVH\drsmartload_js[1].htm -> Downloader.IstBar.j : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Com : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected]ture[2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Helen\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\RECYCLER\S-1-5-21-1078081533-1500820517-1801674531-1005\Dc2\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    D:\RECYCLER\S-1-5-21-1078081533-1500820517-1801674531-1005\Dd1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Beth\My Documents\Beth.FAMILYROOM\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Beth.FAMILYROOM\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Ivwbox : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\Adam\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Beth\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Beth\My Documents\Beth.FAMILYROOM\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Adam\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    D:\162613 robson\drive2\Documents and Settings\Beth.FAMILYROOM\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end

    The above has had all actions taken, I took this report before I applied that. Sorry.
     
  4. Warlok58

    Warlok58 Thread Starter

    Joined:
    Jul 27, 2006
    Messages:
    5
    Here is the HTJ log.

    Logfile of HijackThis v1.99.1
    Scan saved at 06:11:07, on 28/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147986517671
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Restart in Safe Mode.
    Click here to see how.


    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".


    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Documents and Settings\Adam (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Repeat the same thing for this folder: C:\Documents and Settings\Adam (Repeat for all user names)\Local Settings\Temporary Internet Files\Content.IE5


    Empty your recycle bin.

    Reboot and post another log.
     
  6. Warlok58

    Warlok58 Thread Starter

    Joined:
    Jul 27, 2006
    Messages:
    5
    Sorry for the delay. Yesterday was a bad day. Never mind. Here is the HTJ log after the deletions.
    Logfile of HijackThis v1.99.1
    Scan saved at 09:53:51, on 29/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147986517671
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I just wanted to add my thanks so far Cybertech. IT is an area I want to work in so I want to learn as much as I can. I also want to prove you can teach an old dog new tricks.
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You can trim down the startups...
    Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

    SunJavaUpdateSched jusched.exe

    QuickTime Task qttask.exe

    TkBellExe realsched.exe
    (Note: The above 2 entries pertain to QuickTime and RealPlayer. Every time you open and use either of them, they'll re-enable themselves in the startup list, so you'll need to go back and disable them)

    MSMSGS msmsgs.exe

    MsnMsgr MsnMsgr.Exe
    (Note: The above 2 entries pertain to Windows Messenger and MSN Messenger. You'll also need to go into their tools/options/preferences settings and disable the commands that tell them to load when your computer starts and run in the background. If you don't, they'll keep re-enabling themselves in the startup list.)

    Microsoft Office OSA9.EXE

    Adobe Reader Speed Launch reader_sl.exe

    Click Apply - OK afterwards, then reboot. When the SCU window appears during reboot, ignore the message. Place a checkmark in the window, then click OK.


    Are the virus warnings gone?
    Any problems?
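
As an added example (not part of the thread and not posted by either participant): a small Python parser for the O4 autostart lines of a HijackThis log, which matches them against the executables post 7 says to uncheck in MSCONFIG and also lists entries HijackThis marked "(file missing)". The sample log is constructed from lines of the log posted above; the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Executables post 7 says to uncheck on the MSCONFIG Startup tab.
TRIM = {"jusched.exe", "qttask.exe", "realsched.exe", "msmsgs.exe",
        "msnmsgr.exe", "osa9.exe", "reader_sl.exe"}

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def exe_name(command):
    """Best-effort lower-case executable basename from a command line."""
    command = command.strip()
    # Quoted path first; otherwise everything up to the first ".exe".
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.*?\.exe)\b", command, re.I)
    return ntpath.basename(m.group(1) if m else command).lower()

def parse_autostarts(log_text):
    """Return one dict per O4 line: where it is registered, its name, its exe."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append({"where": f"{hive} {key}", "name": name, "exe": exe_name(command)})
            continue
        m = STARTUP_RE.match(line)
        if m:
            where, name, target = m.groups()
            entries.append({"where": where, "name": name, "exe": exe_name(target)})
    return entries

def to_trim(log_text):
    """Names of autostart entries whose executable is on the post 7 list."""
    return [e["name"] for e in parse_autostarts(log_text) if e["exe"] in TRIM]

def missing_files(log_text):
    """Section codes (e.g. 'O18') of entries marked '(file missing)'."""
    return [line.split(" - ", 1)[0].strip() for line in log_text.splitlines()
            if line.rstrip().endswith("(file missing)")]

if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(e["where"], e["name"], e["exe"], "TRIM" if e["exe"] in TRIM else "")
```

Matching on the executable rather than the entry name is what lets "TkBellExe" be recognised as the RealPlayer scheduler, the same pairing post 7 gives.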
     
  8. Warlok58

    Warlok58 Thread Starter

    Joined:
    Jul 27, 2006
    Messages:
    5
    Thanks, you are amazing. I do have a question though. Should I uninstall Spybot and get a newer version?
    The checks I am getting are still nonsense.
    I have downloaded Adaware SE.
    The computer seems to be working a lot better now.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    The current version of Spybot-S&D is 1.4. If you don't have that, for sure remove the old one and get the new one.

    I'm not sure what you mean by "checks"... ??
     

Short URL to this thread: https://techguy.org/486970
