Cant get this out of my computer 888.dll . At time it shows up as if it is a program and I can delete in my add and remove programs. Other time it is not present . I shows up in norton and is removed but then come back. It is slowing up everything it seems and it seems to draw a lot of junk to me as well as viruses. I have tried turning off system restore and running ad-aware ,spy bot and norton in this setting and it still comes up. Does any one have any suggestions. It wold be greatly appreciated.
Thank you in advance
Full Version: tried many things that know with my limited knowledge and cant get 888.dll out of my system
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hello,crux & Welcome
We ask that everyone have a look at the quote box at the bottom of my page
please go there now and.do as is asked of you then come back here with a new HijackThis logfile.
Gogo
We ask that everyone have a look at the quote box at the bottom of my page
please go there now and.do as is asked of you then come back here with a new HijackThis logfile.
Gogo
QUOTE(HJThis @ Dec 7 2006, 01:42 AM) 
Hello,crux & Welcome
We ask that everyone have a look at the quote box at the bottom of my page
please go there now and.do as is asked of you then come back here with a new HijackThis logfile.
Gogo
We ask that everyone have a look at the quote box at the bottom of my page
please go there now and.do as is asked of you then come back here with a new HijackThis logfile.
Gogo
Nice to meet you!!!Thank you for helping me.... Keep in mind I am a novice.... Here is what you asked for (there was some other things that came up in the Ad-Aware scan so I hope this Logfile is not to bad)
Crux
Logfile of HijackThis v1.99.1
Scan saved at 11:41:21 AM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [ezmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,crux
Hmm you have a ton of stuff you need to get off this PC.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by.
entries:
MediaUpdate
MovieNetworks
Kazaa
Hotbar
NavEnhance
ClearSearch
altnet
SpyBlast
GAIN/Gator
and this is only programs to be removed you have a lot of cleaning to do.
so please goto the links in the quote box at the bottom of this page.
do as is asked of you then come back here with a new HijackThis logfile.
Gogo
Hmm you have a ton of stuff you need to get off this PC.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by.
entries:
MediaUpdate
MovieNetworks
Kazaa
Hotbar
NavEnhance
ClearSearch
altnet
SpyBlast
GAIN/Gator
and this is only programs to be removed you have a lot of cleaning to do.
so please goto the links in the quote box at the bottom of this page.
do as is asked of you then come back here with a new HijackThis logfile.
Gogo
QUOTE(HJThis @ Dec 8 2006, 02:52 AM)
Hi,crux
Hmm you have a ton of stuff you need to get off this PC.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by.
entries:
MediaUpdate
MovieNetworks
Kazaa
Hotbar
NavEnhance
ClearSearch
altnet
SpyBlast
GAIN/Gator
and this is only programs to be removed you have a lot of cleaning to do.
so please goto the links in the quote box at the bottom of this page.
do as is asked of you then come back here with a new HijackThis logfile.
Gogo
Hmm you have a ton of stuff you need to get off this PC.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by.
entries:
MediaUpdate
MovieNetworks
Kazaa
Hotbar
NavEnhance
ClearSearch
altnet
SpyBlast
GAIN/Gator
and this is only programs to be removed you have a lot of cleaning to do.
so please goto the links in the quote box at the bottom of this page.
do as is asked of you then come back here with a new HijackThis logfile.
Gogo
I looked to see if what you mentioned needed deleting (add/remove programs) but none of them where existing.
so I did the scan with Ad-Aware and realized I preformed the scan incorrectly in the past(didn't check what needed to be removed..go figure ...sorry)
and here is my info from Hijack I hope it is much better. Thank you much! much! For your help
Crux
Logfile of HijackThis v1.99.1
Scan saved at 1:40:32 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,crux
• Uninstall the following programs if present
- Go to Start > Control Panel > Add/Remove Programs
- Select the following, one at a time, and click Remove for each one
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If OIN not listed, download and run this uninstaller
http://www.outerinfo.com/OiUninstaller.exe
Reboot when done! Really important!
Then do this here for me please
http://download.bleepingcomputer.com/sUBs/combofix.exe1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply with a new HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Gogo
• Uninstall the following programs if present
- Go to Start > Control Panel > Add/Remove Programs
- Select the following, one at a time, and click Remove for each one
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If OIN not listed, download and run this uninstaller
http://www.outerinfo.com/OiUninstaller.exe
Reboot when done! Really important!
Then do this here for me please
http://download.bleepingcomputer.com/sUBs/combofix.exe1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply with a new HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Gogo
QUOTE(HJThis @ Dec 8 2006, 10:30 PM)
Hi,crux
• Uninstall the following programs if present
- Go to Start > Control Panel > Add/Remove Programs
- Select the following, one at a time, and click Remove for each one
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If OIN not listed, download and run this uninstaller
http://www.outerinfo.com/OiUninstaller.exe
Reboot when done! Really important!
Then do this here for me please
http://download.bleepingcomputer.com/sUBs/combofix.exe1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply with a new HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Gogo
• Uninstall the following programs if present
- Go to Start > Control Panel > Add/Remove Programs
- Select the following, one at a time, and click Remove for each one
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If OIN not listed, download and run this uninstaller
http://www.outerinfo.com/OiUninstaller.exe
Reboot when done! Really important!
Then do this here for me please
http://download.bleepingcomputer.com/sUBs/combofix.exe1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply with a new HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Gogo
Well did not fing any OIN
Ran the uninstaller
the link you gave me for combofix.exe there was nothing there but I looked it up (spywarebot)so I tried it
and it would not let me do the scan ther was some sort of error . I tried taking out then reinsaling it but got he same error.
her is the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 1:04:26 AM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,crux
What was not there ?
are you saying that you could not download and run the combofix ???
Gogo
What was not there ?
are you saying that you could not download and run the combofix ???
Gogo
QUOTE(HJThis @ Dec 9 2006, 03:21 AM)
Hi,crux
What was not there ?
are you saying that you could not download and run the combofix ???
Gogo
What was not there ?
are you saying that you could not download and run the combofix ???
Gogo
Hello Gogo~
The link you gave me for the combofix said something like the info was no longer available. Yet I googled it and it took me to Spywarebot...so I was thinking that is the program you wanted me to run. So I tried instaling it to run but the was some error on their end with it. So I uninstaled it and reinstaled it and tried again but it did not let me do it(same error)...was the link you set up for combofix to take me to Spywarebot?? Well if it was it did not let me do the scan. Hope this helps
Crux
Hi,crux
Oh k my bad try this link here
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
Oh k my bad try this link here
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
QUOTE(HJThis @ Dec 9 2006, 05:10 PM)
Hi,crux
Oh k my bad try this link here
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
Oh k my bad try this link here
Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gogo
Hey here is the Comofix
Edmond - 06-12-09 21:58:38.82 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Program Files\Mozilla Firefox"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Edmond\Application Data\SMANTE~1
C:\QooBox\Purity\Documents and Settings\Edmond\My Documents\SSTEM~1
C:\QooBox\Purity\Documents and Settings\Edmond\My Documents\SSTEM~1\s?stem
((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))
2006-12-09 19:15 360 --a------ C:\Combo.bat
2006-12-09 00:42 78,488 --a------ C:\WINDOWS\SYSTEM32\XMD5.dll
2006-12-09 00:42 101,888 --a------ C:\WINDOWS\SYSTEM32\vb6stkit.dll
2006-12-08 02:44 844,889 ---hs---- C:\WINDOWS\SYSTEM32\pstwa.ini2
2006-12-07 01:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-07 01:08 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2006-12-07 00:45 <DIR> d-------- C:\Program Files\Windows Defender
2006-12-06 12:27 <DIR> d-------- C:\Hijackthis
2006-12-05 23:57 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-05 23:57 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\Lavasoft
2006-12-05 00:40 <DIR> d-------- C:\Program Files\Java
2006-12-04 21:03 <DIR> d-------- C:\Program Files\Common Files\Designer
2006-12-04 21:03 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2006-12-04 20:56 <DIR> d-------- C:\Program Files\AutoCAD 2007
2006-12-04 20:56 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\Autodesk
2006-12-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2006-12-04 20:50 <DIR> d-------- C:\Program Files\Autodesk
2006-12-03 21:10 <DIR> d-------- C:\Program Files\Grisoft
2006-12-03 15:18 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-12-01 18:11 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\Talkback
2006-12-01 18:10 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-01 17:36 111,104 --a------ C:\WINDOWS\SYSTEM32\mtstocom.exe
2006-12-01 17:26 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-01 17:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-01 16:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ReinstallBackups
2006-12-01 12:58 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2006-12-01 12:28 382,464 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2006-12-01 12:28 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-12-01 12:27 81,920 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2006-12-01 12:27 81,920 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2006-12-01 12:27 73,728 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2006-12-01 12:27 73,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2006-12-01 12:27 69,632 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2006-12-01 12:27 67,584 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2006-12-01 12:27 65,536 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2006-12-01 12:27 64,512 --a------ C:\WINDOWS\SYSTEM32\acctres.dll
2006-12-01 12:27 48,128 --a------ C:\WINDOWS\SYSTEM32\inetres.dll
2006-12-01 12:27 45,568 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2006-12-01 12:27 43,520 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2006-12-01 12:27 43,520 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2006-12-01 12:27 34,560 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2006-12-01 12:27 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2006-12-01 12:27 32,768 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2006-12-01 12:27 29,696 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2006-12-01 12:27 28,672 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-12-01 12:27 274,944 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2006-12-01 12:27 274,432 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2006-12-01 12:27 252,928 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2006-12-01 12:27 239,104 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2006-12-01 12:27 190,976 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-12-01 12:27 170,496 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2006-12-01 12:27 12,288 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2006-12-01 12:27 105,984 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2006-12-01 12:23 93,696 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2006-12-01 12:23 87,176 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2006-12-01 12:23 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2006-12-01 12:23 8,704 --a------ C:\WINDOWS\SYSTEM32\fxsperf.dll
2006-12-01 12:23 72,192 --a------ C:\WINDOWS\SYSTEM32\fxscom.dll
2006-12-01 12:23 67,072 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2006-12-01 12:23 655,360 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2006-12-01 12:23 62,464 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2006-12-01 12:23 60,416 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2006-12-01 12:23 6,656 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2006-12-01 12:23 6,656 --a------ C:\WINDOWS\SYSTEM32\fxsres.dll
2006-12-01 12:23 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2006-12-01 12:23 58,880 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2006-12-01 12:23 562,176 --a------ C:\WINDOWS\SYSTEM32\fxsst.dll
2006-12-01 12:23 55,296 --a------ C:\WINDOWS\SYSTEM32\fxsevent.dll
2006-12-01 12:23 538,624 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2006-12-01 12:23 452,096 --a------ C:\WINDOWS\SYSTEM32\fxsapi.dll
2006-12-01 12:23 44,544 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2006-12-01 12:23 407,552 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2006-12-01 12:23 400,384 --a------ C:\WINDOWS\SYSTEM32\fxsxp32.dll
2006-12-01 12:23 397,312 --a------ C:\WINDOWS\SYSTEM32\fxstiff.dll
2006-12-01 12:23 38,912 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2006-12-01 12:23 343,040 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2006-12-01 12:23 295,424 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2006-12-01 12:23 285,184 --a------ C:\WINDOWS\SYSTEM32\fxscomex.dll
2006-12-01 12:23 27,136 --a------ C:\WINDOWS\SYSTEM32\fxsdrv.dll
2006-12-01 12:23 267,776 --a------ C:\WINDOWS\SYSTEM32\fxssvc.exe
2006-12-01 12:23 246,272 --a------ C:\WINDOWS\SYSTEM32\fxst30.dll
2006-12-01 12:23 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsmon.dll
2006-12-01 12:23 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsext32.dll
2006-12-01 12:23 229,376 --a------ C:\WINDOWS\SYSTEM32\fxscover.exe
2006-12-01 12:23 21,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
2006-12-01 12:23 20,480 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2006-12-01 12:23 192,512 --a------ C:\WINDOWS\SYSTEM32\fxswzrd.dll
2006-12-01 12:23 19,968 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2006-12-01 12:23 183,808 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2006-12-01 12:23 154,112 --a------ C:\WINDOWS\SYSTEM32\fxsui.dll
2006-12-01 12:23 147,968 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2006-12-01 12:23 143,360 --a------ C:\WINDOWS\SYSTEM32\fxsclnt.exe
2006-12-01 12:23 140,800 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2006-12-01 12:23 131,584 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2006-12-01 12:23 13,824 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2006-12-01 12:23 123,392 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-12-01 12:23 12,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
2006-12-01 12:23 111,104 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2006-12-01 12:23 11,264 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2006-12-01 12:23 102,912 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-12-01 12:23 1,134,592 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2006-12-01 12:23 <DIR> d-------- C:\Program Files\Online Services
2006-12-01 12:22 58,880 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2006-12-01 12:22 56,320 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2006-12-01 12:22 185,344 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2006-12-01 12:22 17,408 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2006-12-01 12:06 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2006-12-01 12:06 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2006-12-01 12:05 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2006-12-01 12:05 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2006-12-01 12:03 66,591 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys
2006-12-01 12:02 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-12-01 12:01 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2006-12-01 12:01 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2006-12-01 11:59 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2006-12-01 11:59 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2006-12-01 11:59 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2006-12-01 11:59 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2006-11-30 19:24 303,208 --a------ C:\WINDOWS\SYSTEM32\AcSignOpt.exe
2006-11-30 17:39 1,129,232 --a------ C:\WINDOWS\SYSTEM32\FM20.DLL
2006-11-30 08:50 18,484 ---hs---- C:\WINDOWS\SYSTEM32\ddabx.dll
2006-11-30 07:51 18,464 --a------ C:\WINDOWS\SYSTEM32\mllmj.dll
2006-11-30 05:40 26,384 --a------ C:\WINDOWS\SYSTEM32\FM20ENU.DLL
2006-11-30 05:29 18,432 --a------ C:\WINDOWS\SYSTEM32\awvvs.dll
2006-11-30 05:05 18,432 --a------ C:\WINDOWS\SYSTEM32\awvvw.dll
2006-11-30 04:13 185,448 --a------ C:\WINDOWS\SYSTEM32\AcSignIcon.dll
2006-11-30 04:13 177,768 --a------ C:\WINDOWS\SYSTEM32\AcSignExt.dll
2006-11-30 04:13 15,976 --a------ C:\WINDOWS\SYSTEM32\AcSignExtRes.dll
2006-11-30 04:02 118,784 --a------ C:\WINDOWS\SYSTEM32\msstdfmt.dll
2006-11-27 11:25 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\SearchToolbarCorp
2006-11-25 18:26 824,995 ---hs---- C:\WINDOWS\SYSTEM32\pstwa.bak2
2006-11-24 18:00 1,225,677 ---hs---- C:\WINDOWS\SYSTEM32\pstwa.bak1
2006-11-24 17:58 40,973 ---hs---- C:\WINDOWS\SYSTEM32\nnnmmjg.dll
2006-11-24 02:22 40,973 ---hs---- C:\WINDOWS\SYSTEM32\rqrsspo.dll
2006-11-24 00:29 38,420 --a------ C:\WINDOWS\SYSTEM32\cbvexbxo.dll
2006-11-24 00:14 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-11-23 23:47 <DIR> d-------- C:\WINDOWS\oqqz
2006-11-23 23:47 <DIR> d-------- C:\Program Files\Common Files\oqqz
2006-11-23 04:15 692,276 --------- C:\WINDOWS\SYSTEM32\awtsp.dll
2006-11-23 03:14 692,256 --a------ C:\WINDOWS\SYSTEM32\ddayw.dll
2006-11-23 02:14 692,256 --a------ C:\WINDOWS\SYSTEM32\mljgf.dll
2006-11-23 01:13 692,256 --a------ C:\WINDOWS\SYSTEM32\awtss.dll
2006-11-23 00:12 692,256 --a------ C:\WINDOWS\SYSTEM32\ddcya.dll
2006-11-22 23:14 692,256 --a------ C:\WINDOWS\SYSTEM32\vtsqr.dll
2006-11-22 22:12 692,256 --a------ C:\WINDOWS\SYSTEM32\vtsqn.dll
2006-11-22 21:17 692,256 --a------ C:\WINDOWS\SYSTEM32\ddayy.dll
2006-11-22 20:16 692,256 --a------ C:\WINDOWS\SYSTEM32\mljjh.dll
2006-11-22 19:16 692,256 --a------ C:\WINDOWS\SYSTEM32\mljgd.dll
2006-11-22 18:15 692,256 --a------ C:\WINDOWS\SYSTEM32\pmkjj.dll
2006-11-22 17:14 692,256 --a------ C:\WINDOWS\SYSTEM32\gebcy.dll
2006-11-22 16:14 692,256 --a------ C:\WINDOWS\SYSTEM32\mlljh.dll
2006-11-22 15:13 692,256 --a------ C:\WINDOWS\SYSTEM32\awvtu.dll
2006-11-22 14:12 692,256 --a------ C:\WINDOWS\SYSTEM32\awvtq.dll
2006-11-22 13:33 692,256 --a------ C:\WINDOWS\SYSTEM32\ddccd.dll
2006-11-22 11:16 40,973 ---hs---- C:\WINDOWS\SYSTEM32\iifdcab.dll
2006-11-22 11:12 692,256 --a------ C:\WINDOWS\SYSTEM32\pmnnm.dll
2006-11-22 10:13 692,256 --a------ C:\WINDOWS\SYSTEM32\pmkhh.dll
2006-11-22 09:08 77,824 --a------ C:\WINDOWS\SYSTEM32\fmrmhc.dll
2006-11-22 09:02 59,392 --a------ C:\WINDOWS\SYSTEM32\drvbov.dll
2006-11-22 09:02 40,973 ---hs---- C:\WINDOWS\SYSTEM32\tuvwwwv.dll
2006-11-22 02:09 <DIR> d-------- C:\WINDOWS\Profiles
2006-11-21 23:03 <DIR> d-------- C:\Program Files\WinRAR
2006-11-18 20:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2006-11-16 03:01 <DIR> d-------- C:\a5d12f24fd818d71ea5984ea42b7
2006-11-15 01:08 <DIR> d-------- C:\Program Files\Azureus
2006-11-15 01:08 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\Azureus
2006-11-15 01:05 <DIR> d-------- C:\WINDOWS\Sun
2006-11-15 01:05 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\Sun
2006-11-15 00:50 <DIR> d-------- C:\Documents and Settings\Edmond\Application Data\BitTorrent
2006-11-15 00:49 <DIR> d-------- C:\Program Files\BitTorrent
2006-11-11 18:58 1,798,144 --------- C:\WINDOWS\UnWMPBurn.exe
2006-11-11 18:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-11-11 18:58 <DIR> d-------- C:\Program Files\Ahead
2006-11-11 03:08 <DIR> d-------- C:\Program Files\Need2Find
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-09 19:13 -------- d-------- C:\Program Files\Common Files
2006-12-07 01:20 -------- d-------- C:\Program Files\Windows Media Player
2006-12-04 21:17 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-12-04 21:03 -------- d-------- C:\Program Files\Microsoft Office
2006-12-04 21:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-02 20:58 -------- d-------- C:\Program Files\Common Files\Services
2006-12-02 18:06 -------- d-------- C:\Program Files\Google
2006-12-01 18:10 -------- d-------- C:\Documents and Settings\Edmond\Application Data\Mozilla
2006-12-01 17:51 -------- d-------- C:\Program Files\MSN
2006-12-01 17:48 -------- d-------- C:\Documents and Settings\Edmond\Application Data\MSN6
2006-12-01 17:02 -------- d-------- C:\Program Files\NetMeeting
2006-12-01 17:02 -------- d-------- C:\Program Files\Movie Maker
2006-12-01 17:01 -------- d-------- C:\Program Files\Windows NT
2006-12-01 17:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-01 17:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-01 13:06 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-26 01:14 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-25 21:55 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-25 21:55 -------- d-------- C:\Program Files\Adobe
2006-11-19 11:14 -------- d-------- C:\Program Files\Internet Explorer
2006-11-19 02:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-17 01:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-11 03:09 10 --a------ C:\WINDOWS\smdat32m.sys
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-10-25 22:29 -------- d-------- C:\Program Files\Yahoo!
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\SYSTEM32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-09-15 21:52 91904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Ebbs"="\"C:\\DOCUME~1\\Edmond\\MYDOCU~1\\SSTEM~1\\explorer.exe\" -vt ndrv"
"Tvt"="C:\\Documents and Settings\\Edmond\\Application Data\\S?mantec\\m?iexec.exe"
"SpyBlast"="C:\\Program Files\\SpyBlast\\SpyBlast.exe /autorun"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"Internet Washer Pro"="C:\\PROGRA~1\\INTERN~2\\iw.exe min"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="atiptaxx.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ATIModeChange"="Ati2mdxx.exe"
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"ZHUCMW"="C:\\WINDOWS\\ZHUCMW.exe"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"UpdateMedia"="C:\\Program Files\\MediaUpdate\\UpdateMedia.exe"
"tchoo"="C:\\DOCUME~1\\EDMOND~1\\APPLIC~1\\frllckgl.exe -QuieT"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MS7531"="\"C:\\WINDOWS\\System32\\ms7531.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"KAZAA"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"IPInSightMonitor 01"="\"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\IP InSight\\IPMon32.exe\""
"Ink Monitor"="C:\\Program Files\\EPSON\\Ink Monitor\\InkMonitor.exe"
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"HydraVisionViewport"="viewport.exe"
"HydraVisionDesktopManager"="desk98.exe"
"Hotbar"="C:\\Program Files\\Hotbar\\bin\\4.3.6.0\\Hbinst.exe /Upgrade"
"DAupdate"="C:\\Program Files\\NavEnhance\\DoubleAgent\\DAupdate.exe"
"AltnetPointsManager"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,06,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{3F143C3A-1458-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=dword:00000003
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjnt32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Edmond.job
Completion time: 06-12-09 22:01:20.39
C:\ComboFix.txt ... 06-12-09 22:01
C:\ComboFix2.txt ... 06-12-09 21:53
C:\ComboFix3.txt ... 06-12-09 21:50
Here is Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 10:05:11 PM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks Gogo
Hi,crux
Please download VundoFix.exe[/color] to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\pmkjj.dll
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis logfile.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Gogo
Please download VundoFix.exe[/color] to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\pmkjj.dll
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis logfile.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Gogo
QUOTE(HJThis @ Dec 10 2006, 01:07 AM)
Hi,crux
Please download VundoFix.exe[/color] to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\pmkjj.dll
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis logfile.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Gogo
Please download VundoFix.exe[/color] to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\pmkjj.dll
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis logfile.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Gogo
well here is Vundo
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.9
Scan started at 10:29:34 AM 12/10/2006
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\awtsp.dll
C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.ini2
C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\SYSTEM32\awtss.dll
C:\WINDOWS\SYSTEM32\awvtq.dll
C:\WINDOWS\SYSTEM32\awvtu.dll
C:\WINDOWS\SYSTEM32\ddayw.dll
C:\WINDOWS\SYSTEM32\ddayy.dll
C:\WINDOWS\SYSTEM32\ddccd.dll
C:\WINDOWS\SYSTEM32\ddcya.dll
C:\WINDOWS\SYSTEM32\gebcy.dll
C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljjh.dll
C:\WINDOWS\SYSTEM32\mlljh.dll
C:\WINDOWS\SYSTEM32\pmkhh.dll
C:\WINDOWS\SYSTEM32\pmkjj.dll
C:\WINDOWS\SYSTEM32\pmnnm.dll
C:\WINDOWS\SYSTEM32\vtsqn.dll
C:\WINDOWS\SYSTEM32\vtsqr.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.ini2
C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\awtsp.dll
C:\WINDOWS\SYSTEM32\awtsp.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\pstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pstwa.ini2
C:\WINDOWS\SYSTEM32\pstwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\SYSTEM32\pstwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\awtss.dll
C:\WINDOWS\SYSTEM32\awtss.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\awvtq.dll
C:\WINDOWS\SYSTEM32\awvtq.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\awvtu.dll
C:\WINDOWS\SYSTEM32\awvtu.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ddayw.dll
C:\WINDOWS\SYSTEM32\ddayw.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ddayy.dll
C:\WINDOWS\SYSTEM32\ddayy.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ddccd.dll
C:\WINDOWS\SYSTEM32\ddccd.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ddcya.dll
C:\WINDOWS\SYSTEM32\ddcya.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\gebcy.dll
C:\WINDOWS\SYSTEM32\gebcy.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\mljjh.dll
C:\WINDOWS\SYSTEM32\mljjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\mlljh.dll
C:\WINDOWS\SYSTEM32\mlljh.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pmkhh.dll
C:\WINDOWS\SYSTEM32\pmkhh.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pmkjj.dll
C:\WINDOWS\SYSTEM32\pmkjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pmnnm.dll
C:\WINDOWS\SYSTEM32\pmnnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\vtsqn.dll
C:\WINDOWS\SYSTEM32\vtsqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\vtsqr.dll
C:\WINDOWS\SYSTEM32\vtsqr.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.9
Scan started at 3:53:24 PM 12/10/2006
Listing files found while scanning....
No infected files were found.
Beginning removal...
And here is Hijack
Logfile of HijackThis v1.99.1
Scan saved at 4:16:03 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E3D26CE-7DB3-4E90-BF44-C96CA2DA5173}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks Gogo
Hi,crux
may i ask please that you not reply in quotes from here on.
Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.
Please do not run any other options until you are asked to do so.
Gogo
may i ask please that you not reply in quotes from here on.
Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.
Please do not run any other options until you are asked to do so.
Gogo
QUOTE(HJThis @ Dec 10 2006, 07:08 PM)
Hi,crux
may i ask please that you not reply in quotes from here on.
Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.
Please do not run any other options until you are asked to do so.
Gogo
may i ask please that you not reply in quotes from here on.
Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.
Please do not run any other options until you are asked to do so.
Gogo
Things seem to be clearing up!!!
here is the SmithfraudFix
SmitFraudFix v2.130
Scan done at 11:54:00.84, Wed 12/13/2006
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\fmrmhc.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Edmond
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Edmond\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1458-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hey,crux
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log in your next reply.
Gogo
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log in your next reply.
Gogo
QUOTE(HJThis @ Dec 13 2006, 02:11 PM)
Hey,crux
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log in your next reply.
Gogo
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log in your next reply.
Gogo
here it is!!!!
Logfile of HijackThis v1.99.1
Scan saved at 6:36:30 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
and the other
SmitFraudFix v2.130
Scan done at 18:14:15.70, Wed 12/13/2006
Run from C:\Documents and Settings\Edmond\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1458-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\fmrmhc.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1458-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"
»»»»»»»»»»»»»»»»»»»»»»»» End
thank you for your time
Hey,crux
First goto ControlPanel Add/Remove Programs look for these itmes
here if there Uninstall/Remove them.
MediaUpdate
Kazaa
Hotbar
NavEnhance
altnet
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
Next do a file and folder Search for these items if found delete them
C:\WINDOWS\system32\winjnt32<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll<---This file
C:\WINDOWS\system32\rvjxoisp.dll<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\WINDOWS\system32\awtsp.dll<---This file
C:\WINDOWS\ZHUCMW.exe<---This file
C:\WINDOWS\System32\ms7531.exe<---This file
C:\Program Files\MediaUpdate\<---This folder
C:\Program Files\Kazaa\<---This folder
C:\Program Files\Hotbar\<---This folder
C:\Program Files\NavEnhance\<---This folder
c:\program files\altnet\<---This folder
C:\Documents and Settings\Edmond\Application Data\S?mantec\<---This folder
Now Restart in Normal Mode
Gogo
First goto ControlPanel Add/Remove Programs look for these itmes
here if there Uninstall/Remove them.
MediaUpdate
Kazaa
Hotbar
NavEnhance
altnet
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
Next do a file and folder Search for these items if found delete them
C:\WINDOWS\system32\winjnt32<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll<---This file
C:\WINDOWS\system32\rvjxoisp.dll<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\WINDOWS\system32\awtsp.dll<---This file
C:\WINDOWS\ZHUCMW.exe<---This file
C:\WINDOWS\System32\ms7531.exe<---This file
C:\Program Files\MediaUpdate\<---This folder
C:\Program Files\Kazaa\<---This folder
C:\Program Files\Hotbar\<---This folder
C:\Program Files\NavEnhance\<---This folder
c:\program files\altnet\<---This folder
C:\Documents and Settings\Edmond\Application Data\S?mantec\<---This folder
Now Restart in Normal Mode
Gogo
QUOTE(HJThis @ Dec 14 2006, 12:44 AM)
Hey,crux
First goto ControlPanel Add/Remove Programs look for these itmes
here if there Uninstall/Remove them.
MediaUpdate
Kazaa
Hotbar
NavEnhance
altnet
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
Next do a file and folder Search for these items if found delete them
C:\WINDOWS\system32\winjnt32<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll<---This file
C:\WINDOWS\system32\rvjxoisp.dll<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\WINDOWS\system32\awtsp.dll<---This file
C:\WINDOWS\ZHUCMW.exe<---This file
C:\WINDOWS\System32\ms7531.exe<---This file
C:\Program Files\MediaUpdate\<---This folder
C:\Program Files\Kazaa\<---This folder
C:\Program Files\Hotbar\<---This folder
C:\Program Files\NavEnhance\<---This folder
c:\program files\altnet\<---This folder
C:\Documents and Settings\Edmond\Application Data\S?mantec\<---This folder
Now Restart in Normal Mode
Gogo
First goto ControlPanel Add/Remove Programs look for these itmes
here if there Uninstall/Remove them.
MediaUpdate
Kazaa
Hotbar
NavEnhance
altnet
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ykaxyrujgkdksxrekrpl - {0ad3b495-80bd-4826-984e-65ebe7891fca} - C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0B9D112A-9CC0-491D-ADCD-FAB32C265A1F} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\rvjxoisp.dll (file missing)
O2 - BHO: (no name) - {6E3A0E38-2E5F-416D-AD25-BAF3A745F792} - (no file)
O2 - BHO: (no name) - {8216104F-85A6-AC5B-D8AA-D228947367CF} - C:\WINDOWS\system32\ojrnlt.dll (file missing)
O2 - BHO: (no name) - {EB1B6578-6635-43E1-8103-626FF6FA1CA0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O4 - HKLM\..\Run: [ZHUCMW] C:\WINDOWS\ZHUCMW.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\System32\ms7531.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\Hbinst.exe /Upgrade
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Tvt] C:\Documents and Settings\Edmond\Application Data\S?mantec\m?iexec.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O20 - Winlogon Notify: winjnt32 - winjnt32.dll (file missing)
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
Next do a file and folder Search for these items if found delete them
C:\WINDOWS\system32\winjnt32<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\DOCUME~1\Edmond\APPLIC~1\ooomthchr.dll<---This file
C:\WINDOWS\system32\rvjxoisp.dll<---This file
C:\WINDOWS\system32\ojrnlt.dll<---This file
C:\WINDOWS\system32\awtsp.dll<---This file
C:\WINDOWS\ZHUCMW.exe<---This file
C:\WINDOWS\System32\ms7531.exe<---This file
C:\Program Files\MediaUpdate\<---This folder
C:\Program Files\Kazaa\<---This folder
C:\Program Files\Hotbar\<---This folder
C:\Program Files\NavEnhance\<---This folder
c:\program files\altnet\<---This folder
C:\Documents and Settings\Edmond\Application Data\S?mantec\<---This folder
Now Restart in Normal Mode
Gogo
things are great at this end ...thank you for all your help..it was greatly appreciated
I will donate some thing when I get some money...really in a bind at teh moment and your help was great
take care Gogo
Crux
Hey,crux
No problem but you should post one more HijackThis logfile.
you have some more steps to take here you had a ton of stuff
that had to go and it may take more work to get you all clean
so please show us one more logfile.
Gogo
No problem but you should post one more HijackThis logfile.
you have some more steps to take here you had a ton of stuff
that had to go and it may take more work to get you all clean
so please show us one more logfile.
Gogo
QUOTE(HJThis @ Dec 14 2006, 07:12 AM)
Hey,crux
No problem but you should post one more HijackThis logfile.
you have some more steps to take here you had a ton of stuff
that had to go and it may take more work to get you all clean
so please show us one more logfile.
Gogo
No problem but you should post one more HijackThis logfile.
you have some more steps to take here you had a ton of stuff
that had to go and it may take more work to get you all clean
so please show us one more logfile.
Gogo
No problem doc ......just tell me how it looks.....here is my Hijackthis logfile
Logfile of HijackThis v1.99.1
Scan saved at 11:28:31 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\AutoCAD 2007\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Common Files\Autodesk Shared\AcHelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,crux
Wow you are looking way better here.
Goto ControlPanel Add/Remove Programs and look for these itmes
here if found Uninstall/Remove them.
SpyBlast
Gator or Gain
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!
Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote
The above script is for this user only, if you need help please start your own thread.
Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.
After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.
Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.
Gogo
Wow you are looking way better here.
Goto ControlPanel Add/Remove Programs and look for these itmes
here if found Uninstall/Remove them.
SpyBlast
Gator or Gain
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!
Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote
QUOTE
folders to delete:
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1
C:\Program Files\SpyBlast
C:\Program Files\Common Files\GMT
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1
C:\Program Files\SpyBlast
C:\Program Files\Common Files\GMT
The above script is for this user only, if you need help please start your own thread.
Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.
After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.
Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.
Gogo
QUOTE(HJThis @ Dec 15 2006, 06:09 AM)
Hi,crux
Wow you are looking way better here.
Goto ControlPanel Add/Remove Programs and look for these itmes
here if found Uninstall/Remove them.
SpyBlast
Gator or Gain
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!
Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote
The above script is for this user only, if you need help please start your own thread.
Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.
After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.
Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.
Gogo
Wow you are looking way better here.
Goto ControlPanel Add/Remove Programs and look for these itmes
here if found Uninstall/Remove them.
SpyBlast
Gator or Gain
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKLM\..\Run: [tchoo] C:\DOCUME~1\EDMOND~1\APPLIC~1\frllckgl.exe -QuieT
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!
Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote
The above script is for this user only, if you need help please start your own thread.
Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.
After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.
Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.
Gogo
Did what you said but I think that the log for the Avenger log went wrong.. I did all the steps correctly yet the log file it returned wont let me copy and past it as well as cutting it out...the log file said..I typed this out
Logfile of the Avenger Version 1, By Swandog46
running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qnjftt
****************
Script file located at:ermljqts
Could not open script file! Error
Could not open script file!Status: 0xc000003b Abort!
hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 4:47:50 PM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,crux
Goto ControlPanel Add/Remove Programs look for these items
here if there Uninstall/Remove them.
SpyBlast
Gator or Gain
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
Next do a file Search & delete these folders
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\<---This folder
C:\Program Files\SpyBlast\<---This folder
C:\Program Files\Common Files\GMT\<---This folder
Now Restart in Normal Mode tell me how it is now.
Gogo
Goto ControlPanel Add/Remove Programs look for these items
here if there Uninstall/Remove them.
SpyBlast
Gator or Gain
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
Next do a file Search & delete these folders
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\<---This folder
C:\Program Files\SpyBlast\<---This folder
C:\Program Files\Common Files\GMT\<---This folder
Now Restart in Normal Mode tell me how it is now.
Gogo
QUOTE(HJThis @ Dec 16 2006, 01:46 AM)
Hi,crux
Goto ControlPanel Add/Remove Programs look for these items
here if there Uninstall/Remove them.
SpyBlast
Gator or Gain
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
Next do a file Search & delete these folders
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\<---This folder
C:\Program Files\SpyBlast\<---This folder
C:\Program Files\Common Files\GMT\<---This folder
Now Restart in Normal Mode tell me how it is now.
Gogo
Goto ControlPanel Add/Remove Programs look for these items
here if there Uninstall/Remove them.
SpyBlast
Gator or Gain
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O4 - HKCU\..\Run: [Ebbs] "C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
Next do a file Search & delete these folders
C:\DOCUME~1\Edmond\MYDOCU~1\SSTEM~1\<---This folder
C:\Program Files\SpyBlast\<---This folder
C:\Program Files\Common Files\GMT\<---This folder
Now Restart in Normal Mode tell me how it is now.
Gogo
Every thing is running great!!!!!!!!!!! Thanks a bunch!!!
Here is another log from Hijack
Logfile of HijackThis v1.99.1
Scan saved at 10:01:33 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
F:\program files 2\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164345584390
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (EposActiveX Viewer Plugin) - http://www.s3dquote.com/EposActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95185E56-851C-45D5-9C34-6306527956B0}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac9iosass - Intel Corporation - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\program files 2\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
much thanks and take care
Hey,crux
All i can say is you did one hell of a job on this you had a ton of junk
on this PC.now do these last steps here and please have a long look
at the link at the bottom of what i am about to post for you.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
Next, let's clean your restore points and set a new one
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.
System Restore will now be active again.
Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
And please have a look at the great info by Mr,TK
So how did I get infected in the first place
Gogo
All i can say is you did one hell of a job on this you had a ton of junk
on this PC.now do these last steps here and please have a long look
at the link at the bottom of what i am about to post for you.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
Next, let's clean your restore points and set a new one
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.
System Restore will now be active again.
Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
And please have a look at the great info by Mr,TK
So how did I get infected in the first place
Gogo
QUOTE(HJThis @ Dec 18 2006, 07:13 AM)
Hey,crux
All i can say is you did one hell of a job on this you had a ton of junk
on this PC.now do these last steps here and please have a long look
at the link at the bottom of what i am about to post for you.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
Next, let's clean your restore points and set a new one
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.
System Restore will now be active again.
Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
And please have a look at the great info by Mr,TK
So how did I get infected in the first place
Gogo
All i can say is you did one hell of a job on this you had a ton of junk
on this PC.now do these last steps here and please have a long look
at the link at the bottom of what i am about to post for you.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
Next, let's clean your restore points and set a new one
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.
System Restore will now be active again.
Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
And please have a look at the great info by Mr,TK
So how did I get infected in the first place
Gogo
Thank you for all the help ...I really don't know how I got all that junk on there but I have a few hunches.
I also read the link about "so how did I get infected" thanks for the info. I was wondering though I am looking to swich over to Modzila Fire Fox. Is that wise???If so are they any extra security messures one can take with firefox? Should I have IE as a back up for some things. If so which would be the default??
Thanks again for all of your help and have a great Holiday.
Crux
Hey,crux
Yes get away from IE and go for Firefox a lot more safe and
make firefox the default i use Firefox for going on web and
also Opera and i have to say i love both of them.
when you install firefox make sure to add these here
NoScript
and DownThemAll!
when you start Firefox goto tool then Extensions
and i use IE for windows update that's it.
Gogo
Yes get away from IE and go for Firefox a lot more safe and
make firefox the default i use Firefox for going on web and
also Opera and i have to say i love both of them.
when you install firefox make sure to add these here
NoScript
and DownThemAll!
when you start Firefox goto tool then Extensions
and i use IE for windows update that's it.
Gogo
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.