[DESPERATE!! AIM Beach/Pictures Virus] - Computers







Posted by: Pilotwings119

I've been searching and searching the internet and other forums for HOURS and HOURS about the AIM BEACH PICTURES VIRUS and I've followed ALL directions and downloads that experts have suggested, but it's not working for me! I downloaded HijackThis, but did not see any of the items that people have said to delete! If anyone can find what I need to delete and tell me what I need to do next that would be so awesome. Email me, PM me, reply, anything! [COLOR=red][U]IF YOU READ THIS AND HAVE EVEN THE SLIGHTEST COMMENT, PLLLEAASE IM ME on AIM Pilotwings119!! THANK YOU!!!![/U][/COLOR]

Logfile of HijackThis v1.99.1
Scan saved at 7:33:26 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\BITDEFENDERX.EXE
C:\WINDOWS\System32\ups.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HomeKeylogger\KeyLogger.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Steven Fleuriet\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://g.msn.com/0SEENUS/SAOS10[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.geeks.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {C47F00BD-ACEC-3F2F-4843-F6BDC5CBABBC} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 216.130.185.143 [url]www.adwave.com[/url]
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 [url]www.xzoomy.com[/url]
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 [url]www.advnt01.com[/url]
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [url]http://us.dl1.yimg.com/download.yah...utocomplete.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]https://download.macromedia.com/pub...ash/swflash.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Posted by: rstones12

Pilotwings119,
We are going to need to remove a few things, but first I would like you to do the following.

Please download hoster from the link below.

[url=http://members.aol.com/toadbee/hoster.zip]http://members.aol.com/toadbee/hoster.zip[/url]

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.


I have outlined some preliminary steps that we need to address. [b]You may want to print out these instructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions.


[b][1.][/b]
First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url]
And save it to your desktop.
Close all open browser windows and any other open windows.

Install CWShredder, then:

Open CWS and click [b]Check for Updates[/b]
Then click [b]"FIX"[/b]

I see that you are using Nod32 Virus Scan.
I suggest doing an online scan just as a secondary check.

[b][2.][/b]
Please run this online scan, allow it to delete anything it finds:
You may have to select auto-fix prior to scanning, it should be a selection box on the screen.[list][url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url]
[/list]Please make a note of anything that wasn't or couldn't be fixed.

[b][3.][/b]
You may have run these programs already, make sure they are up to date and run per provided instructions.
Current Versions are:
[b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url]
[b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url]

Download and install both Spybot S&D and Ad-Aware SE.

Instructions:

[b]Spybot S&D:[/b]
Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.

[b]*[/b]Close [b]ALL [/b]windows except Spybot S&D
[b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates.
[b]*[/b]Close Spybot then launch it again
[b]*[/b]Click the button [b]"Check for Problems" [/b]
[b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
[b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color]
[b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries.


[b]Ad-Aware SE FULL SCAN:[/b]
Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal.

When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files.

From main window:
[b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b]
[b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries.
[b]*[/b]To scan just click the [b]Next[/b] button.

When the scan has finished [b]mark everything for removal [/b]and get rid of it.
[i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i]
The program will ask if you want to fix/delete selected items, choose yes/fix.

[b][4.][/b]
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

[b][5.][/b]
[b]Update[/b] your current Virus Scan Definitions:

[b][6.][/b]
Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE

Scan your drive(s) with your updated Norton Virus Scan.

Empty Your Recycle Bin.

[b][7.][/b]

Reboot normally and post a new HJT log by using [b]Post Reply[/b]:


Thanks,
rstones12



Posted by: Pilotwings119

First off, I don't know what Nod32 Virus Scan is. I use AVG Free Edition, and I have performed a complete system scan with it. I don't have Norton Antivirus either. Therefore, I cannot entirely complete steps 5 and 6.

1. CWShredder - Done
2. Panda ActiveScan - error in downloading components for scanning, so i could not complete
3. SpyBot- Have that version, checked for updates, and scanned
3. Ad-Aware- Downloaded the updated version (had 6.0), checked for updates, and scanned. I had no idea my version was out of date! It picked up 256 critical objects, and ZERO with the other version!! That's amazing.
4. Done
7. Done


I didn't have time to test if I still had the AIM Away Message problem, but I know I DO STILL have the problem with not being able to get into Task Manager, Regedit, and MSCONFIG. It opens for a second, but then closes. This is still the same virus or whatever. I hope you can help me fix this!!

Thanks so much for your help!
Email me at:
[email]Pilotwings119@cs.com[/email]
[email]Pilotwings119@yahoo.com[/email]
IM me on AIM Pilotwings119



Posted by: rstones12

Can you post a new HJT log? I will take a look at it and give you some recommendations.

Thanks,
rstones12



Posted by: Pilotwings119

Oh dang, I forgot to do that, sorry. I'm at school right now, so I can't do it, but I definitely will right when I get home!



Posted by: rstones12

No problem.
Just do it when you get time.

rstones12



Posted by: Pilotwings119

OK, do you think this will get fixed? Are there many other steps I can take to remove it, or is this near the end of the line? I talked to another guy who had this virus and was not able to get rid of it and ended up having to reformat his computer. I reeeally do NOT want to have to do that!!:eek:



Posted by: rstones12

It's hard to say without looking at a new HJT log.

rstones12



Posted by: Pilotwings119

ok:nerd:



Posted by: Pilotwings119

Logfile of HijackThis v1.99.1
Scan saved at 7:33:26 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\BITDEFENDERX.EXE
C:\WINDOWS\System32\ups.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HomeKeylogger\KeyLogger.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Steven Fleuriet\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://g.msn.com/0SEENUS/SAOS10[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.geeks.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {C47F00BD-ACEC-3F2F-4843-F6BDC5CBABBC} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 216.130.185.143 [url]www.adwave.com[/url]
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 [url]www.xzoomy.com[/url]
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 [url]www.advnt01.com[/url]
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Posted by: rstones12

OK,
Ready to go, this will take a couple of fixes so please be patient and follow the instructions [b]in order[/b].
[b]You may want to print out the instructions for a reference[/b]

[b]1.[/b]
Go to your Control Panel then Add-Remove Programs:
Remove the following items if found or any variation:

[b]SideSearch
Wild Tangent
Bargin Buddy[/b]

[b]2.[/b]
Please download hoster from the link below.

[url=http://members.aol.com/toadbee/hoster.zip]http://members.aol.com/toadbee/hoster.zip[/url]

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.

[b]3.[/b]
Scan with HJT and place a checkmark next to the following items; do not fix anything just yet.
[b]
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {C47F00BD-ACEC-3F2F-4843-F6BDC5CBABBC} - (no file)

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)

O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE

O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [url]http://us.dl1.yimg.com/download.yah...utocomplete.cab[/url]
[/b]
Close all browsers and open windows except HJT and click [b]"Fix Checked"[/b]

[b]4.[/b]
Enable show hidden files and folders.
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


[b]5.[/b]
Reboot into Safe Mode, you can do this by tapping the F8 key while your system restarts.

[b]6.[/b]
Search and remove the following if found:
[b]BITDEFENDERX.EXE[/b]<-- Just the file.

[b]7.[/b]
Delete your temp files:

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty your recycle bin:

Reboot and post back a new HJT log by using [b]Post a Reply[/b]

Thanks,
rstones12
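

The entry types rstones12 singles out above (search-page hijacks, hosts-file overrides, BHOs and hooks with no file behind them, bare-filename autoruns, and the scareware toolbar button) can be checked mechanically. The script below is an added example, not code from this thread, from HijackThis or from its author; its sample log is constructed from lines quoted in the thread, and the known-hijack-domain list and the rules themselves are assumptions made for the example, not a HijackThis feature.

```python
"""Triage rules for HijackThis (HJT) v1.x log lines.

Added example: not code from this thread, from HijackThis or from its author.
The rules mirror the entry types the helper told the poster to fix; the
sample log is constructed from lines quoted in the thread, and the list of
known hijack domains is an assumption for this example.
"""
import re

KNOWN_BAD_DOMAINS = {"begin2search.com", "spydeleter.com"}  # assumption
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # hosts targets that are not hijacks

# Constructed from lines quoted in the thread; forum bbcode left in on purpose.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:33:26 PM, on 3/6/2005

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.geeks.com/[/url]
R3 - URLSearchHook: (no name) - {C47F00BD-ACEC-3F2F-4843-F6BDC5CBABBC} - (no file)
O1 - Hosts: 216.130.185.143 adwave.com
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
"""


def strip_bbcode(text):
    """Remove the [url]/[b]/[i] tags forum software wraps around pasted logs."""
    return re.sub(r"\[/?(?:url|b|i)\]", "", text)


def parse_entry(line):
    """Split an HJT entry into (section, body); return None for other lines."""
    m = re.match(r"^(R\d|O\d+|F\d|N\d) - (.*)$", strip_bbcode(line).strip())
    return (m.group(1), m.group(2)) if m else None


def registrable_domain(url):
    """Crude eTLD+1 of a URL's host (enough for the .com domains in the log)."""
    m = re.match(r"https?://([^/\s]+)", url)
    if not m:
        return None
    parts = m.group(1).lower().split(".")
    return ".".join(parts[-2:])


def triage(line):
    """Return a reason string if the entry matches a suspicious pattern, else None."""
    entry = parse_entry(line)
    if entry is None:
        return None
    section, body = entry
    if section in ("R0", "R1", "R3"):
        # Search hooks with nothing behind them, or pages pointed at a hijack domain.
        if "(no file)" in body:
            return "URLSearchHook registered with no backing file"
        m = re.search(r"=\s*(\S+)$", body)
        if m and registrable_domain(m.group(1)) in KNOWN_BAD_DOMAINS:
            return "IE search/start page hijacked to " + m.group(1)
    elif section == "O1":
        # Ad-blocking hosts entries map to loopback; hijacks map real names elsewhere.
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and m.group(1) not in LOOPBACK:
            return f"hosts file redirects {m.group(2)} to {m.group(1)}"
    elif section == "O2":
        if "(no file)" in body:
            return "BHO registered with no backing file"
    elif section == "O4":
        m = re.match(r"(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)", body)
        if m:
            key, name, cmd = m.group(2), m.group(3), m.group(4).strip()
            if not cmd:
                return None
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                # A bare filename is resolved by the system search path, so the
                # log alone cannot tell you which file actually runs.
                return f"{key} autorun [{name}] is a bare filename ({exe}); verify its location on disk"
    elif section == "O9":
        if "(file missing)" in body and re.search(r"https?://", body):
            return "toolbar button targets a web URL with no local file (scareware lure)"
    return None


def triage_log(text):
    """Run triage() over a whole log; return [(section, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        reason = triage(line)
        if reason:
            findings.append((line.split(" - ", 1)[0], reason, strip_bbcode(line).strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Entries the script does not flag are not thereby clean (full-path autoruns such as the HomeKeylogger one above still deserve a look); the rules only reproduce the patterns discussed in this thread.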



Posted by: Pilotwings119

Some of the files that you said to check, oddly enough, were not there?! I followed all the other instructions however.

Logfile of HijackThis v1.99.1
Scan saved at 7:33:26 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\BITDEFENDERX.EXE
C:\WINDOWS\System32\ups.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HomeKeylogger\KeyLogger.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Steven Fleuriet\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://g.msn.com/0SEENUS/SAOS10[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.geeks.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {C47F00BD-ACEC-3F2F-4843-F6BDC5CBABBC} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 216.130.185.143 [url]www.adwave.com[/url]
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 [url]www.xzoomy.com[/url]
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 [url]www.advnt01.com[/url]
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Posted by: Pilotwings119

AH YES!!!! I LOVE YOU!!! I can now open Task Manager, msconfig, and regedit!!! I don't know about AIM because I uninstalled it. BITDEFENDER.exe appears in my startup in msconfig; what should I do? BTW, I could NOT find BITDEFENDER on my computer, so I couldn't delete it.



Posted by: rstones12

This is an old HJT log; please post a new one.

[quote]Logfile of HijackThis v1.99.1
Scan saved at 7:33:26 PM, on 3/6/2005[/quote]

Thanks,
rstones12



Posted by: Pilotwings119

Sorry.

Logfile of HijackThis v1.99.1
Scan saved at 6:07:23 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Steven Fleuriet\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geeks.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Posted by: rstones12

Things are looking much better; how is your system running?

We have a couple of clean up items and that should take care of it.

Are you running two anti-virus programs?

Did you enable "show system files"?
I still see [b]BITDEFENDERX.EXE[/b] as a file.

And did you delete your temp files as posted?

Let me know of this update.

Thanks,
rstones12



Posted by: Pilotwings119

I did delete all the temp files; I bet that's what cleared this virus out, because it took about 5 minutes to clear them all out. I haven't completely tried to delete the file; when I get around to restarting in safe mode, I'll look for it further and post another log to you.



Posted by: rstones12

Pilotwings119,

Before going into safe mode do the following.

Scan with HJT and place a checkmark next to the following items.

[b]
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
[/b]

Close all browsers and open windows and click [b]Fix Checked[/b]

Then boot into Safe Mode and remove the following if found:

[b]BITDEFENDERX.EXE
DELDIR0.EXE[/b]

Reboot and post back a new HJT log by using [b]Post a Reply[/b]

Thanks,
rstones12
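
The triage rstones12 walks through above (pick out the O4 startup entries whose executable is a bare filename or lives in a Temp folder, fix them in HJT, delete the files in Safe Mode, post a fresh log) is the kind of review that can be partly automated. The following is an added example, not part of this thread and not a tool from HijackThis itself: a small Python reader for the HJT log format that flags the same kinds of entries a reviewer looks for. The sample lines are copied from the logs posted in this thread; the rule names, the `Finding` structure and the `audit_hjt` function are the example's own.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not code from the thread or from HijackThis.  It reads the
plain-text log format quoted above and applies a few of the heuristics a
reviewer uses by hand: startup entries with no directory, programs launched
from a Temp folder, entries whose target file is missing, browser buttons
whose target is a URL rather than a local file, and custom DNS servers.
Every hit is a "look at this", not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HJT logs posted in this thread,
# mixed so that benign and suspicious entries sit side by side.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B020661-A04B-47BD-98B6-2FC7BBC2151F}: NameServer = 205.188.146.145
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# "O4 - <body>", "O9 - <body>", ... : section code, then the entry text.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# Registry-backed O4 entries: "<hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^(?P<key>.*\\(?:Run|RunOnce|RunServices)): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d.,]+)")
MISSING = " (file missing)"  # suffix HJT appends when the target path does not exist


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code, e.g. "O4"
    reason: str   # short tag for the rule that fired
    detail: str   # the path, URL or IP address the rule refers to
    line: str     # the original log line


def first_token(cmd: str) -> str:
    """Return the program part of a Run-key command line, honouring quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _target(body: str) -> str:
    """Last ' - '-separated field of an O9/O23 entry, minus the HJT suffix."""
    return body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()


def audit_hjt(text: str) -> List[Finding]:
    """Run the review heuristics over a whole HJT log; one Finding per hit."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        section, body = m.group("section"), m.group("body")
        if MISSING in body:
            # An entry pointing at a file that is gone is either leftover
            # from an uninstall or from a removal that did not clean the key.
            findings.append(Finding(section, "file-missing", _target(body), line))
        if section == "O4":
            run = O4_RUN.match(body)
            if run:
                exe = first_token(run.group("cmd"))
                if "\\" not in exe and "/" not in exe:
                    # No directory: Windows resolves it through the search
                    # path, so the file can sit anywhere. Verify where.
                    findings.append(Finding(section, "bare-filename", exe, line))
                elif "\\temp\\" in exe.lower():
                    findings.append(Finding(section, "temp-directory", exe, line))
        elif section == "O9":
            target = _target(body)
            if re.match(r"https?://", target, re.I):
                findings.append(Finding(section, "url-target", target, line))
        elif section == "O17":
            ns = NAMESERVER.search(body)
            if ns:
                for ip in ns.group("ips").split(","):
                    findings.append(Finding(section, "custom-dns", ip.strip(), line))
    return findings


if __name__ == "__main__":
    for f in audit_hjt(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:15} {f.detail}")
```

Run against the sample it reports the two entries rstones12 asks to fix (the bare `BITDEFENDERX.EXE` and the RunOnce entry launching `DELDIR0.EXE` from a Temp folder), the "Your PC is infected" button whose target is a web page, the two orphaned entries, and the O17 DNS server. The Logitech entry is reported too, which is the point: a legitimate vendor also ships a bare filename, so a hit is a prompt to check the file's real location and signer, not proof of infection. Likewise an O17 entry is not malicious by itself; dial-up and VPN clients set it, this machine runs an AOL WAN miniport service, and the thread's reviewer leaves it untouched.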



Posted by: evelmunkey

Another good thing to do is make sure you are up to date with Microsoft updates.



Posted by: Pilotwings119

Yeah, I've done all updates. Thanks.

rstones, I'll do as instructed, and then post another log.

THANKS ALL!!:D



Posted by: Pilotwings119

I DID find those 2 files, and deleted them.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:24 PM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steven Fleuriet\Desktop\Extras\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geeks.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Posted by: rstones12

Pilotwings119,

Your log is looking good; any further issues?

Here are some recommended threads for reading. I would suggest you take a look at them.

[url]http://www.tech-forums.net/showthread.php?s=&threadid=36259[/url]

[url]http://www.tech-forums.net/showthread.php?s=&threadid=35181[/url]


Thanks,
rstones12




