Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Just another HJT scan, needing help..

Posted by: do_the_dew910
Hello all, I'm glad to be here, knowing y'all can help me. I've run all my spyware removers, defragmented (know that doesn't help with spyware but oh well, figured I'd tell you it all), virus scan and all that, even went to BitDefender scan online and scanned, now I'm here posting my HJT log...

Logfile of HijackThis v1.99.1 Scan saved at 6:40:40 PM, on 9/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Warez P2P Client\warez.exe C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Avant Browser\avant.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://windowsupdate.microsoft.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cody's Internet Explorer R3 - URLSearchHook: (no name) - {010A4EB1-25D8-A586-8467-581A49B3AEF1} - C:\WINDOWS\Ozofqrvl.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing) O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file) O2 - BHO: 
(no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - 
HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - [url]http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab[/url] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url] O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url]http://www.bitdefender.com/scan8/oscan8.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114539230812[/url] O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - [url]https://www.gamespyid.com/alaunch.cab[/url] O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - [url]http://www.pacimedia.com/install/pcs_0009.exe[/url] O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab[/url] O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - [url]https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab[/url] O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - [url]https://care.alltel.com/lwp/static/installers/ALLTELControls.cab[/url] O17 - 
HKLM\System\CCS\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O17 - HKLM\System\CS1\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe thanks again, I don't see how you can put up with. let alone help, all the stupid people out there like me... 
Later
~Cody~

Posted by: CrAzY_GaMeR_07
remove O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll that's the only BAD thing I saw right off.... you have a lot of toolbars and stuff though, do you want those? [url]http://hjt.iamnotageek.com/parse.php?log=103228[/url] (your log)
~Joe

Posted by: do_the_dew910
I don't want those toolbars...I use Avant and it can't have toolbars...and on my Internet Explorer...if I ever get on it, it only has like two, can you please give me all the ones to delete, that are toolbars..

Posted by: do_the_dew910
**update** it wouldn't let me delete O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll and told me to download some program to delete it...I figured I'd ask on here first

Posted by: CrAzY_GaMeR_07
what spyware/virus programs do u have? look at the link for removing toolbars....
Joe

Posted by: do_the_dew910
Ad-aware Se, Spybot Search and Destroy, Zone-alarms, Norton System works 2002

Posted by: CrAzY_GaMeR_07
did u scan with all?? repost your new log now...
~Joe

Posted by: do_the_dew910
New logs, and I scanned at the beginning, I wasn't sure if you wanted me to scan again now, and scanning takes forever for me, so I'll scan tomorrow, when I'm going somewhere...lol, here's my log

Logfile of HijackThis v1.99.1 Scan saved at 8:29:52 PM, on 9/16/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 -
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://windowsupdate.microsoft.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cody's Internet Explorer R3 - URLSearchHook: (no name) - {010A4EB1-25D8-A586-8467-581A49B3AEF1} - C:\WINDOWS\Ozofqrvl.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file) O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ? 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - [url]http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab[/url] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url] O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - [url]http://www.shizmoo.com/activex/web665.cab[/url] O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url]http://www.bitdefender.com/scan8/oscan8.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114539230812[/url] O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - [url]https://www.gamespyid.com/alaunch.cab[/url] O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - [url]http://www.pacimedia.com/install/pcs_0009.exe[/url] O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab[/url] O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - [url]https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab[/url] O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} 
(ConnectivityTester Class) - [url]https://care.alltel.com/lwp/static/installers/ALLTELControls.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O17 - HKLM\System\CS1\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Posted by: MicroBell [b]Hi and Welcome to TF[/b] Please take advice only from security experts that deal 
with the stuff every day.

DO NOT remove or try to remove the O10 entry as it's LEGIT!!

Please [B][COLOR=Red][SIZE=4]DISABLE[/SIZE][/COLOR][/B] Spybot's TeaTimer and [B][COLOR=Red][SIZE=4]LEAVE IT OFF[/SIZE][/COLOR][/B] until the fix is complete!

Before attacking an adware/spyware problem with HijackThis make sure you have already run the following tools. Download and update the databases on each program before running.
[list]
[*] [URL=http://www.lavasoftusa.com/support/download/][B][COLOR=Purple]Ad-Aware® SE Personal Edition[/COLOR][/B][/URL] [COLOR=Red][B]*Note*[/B][/COLOR] For Ad-AwareSE also install the [URL=http://www.lavasoft.de/software/addons/vx2cleaner.shtml][B][COLOR=Purple]VX2 Addon Cleaner[/COLOR][/B][/URL] To run this tool once Adaware is updated click on [B]Add-ons [/B] in the left-hand column. Select [B]VX2 Cleaner V2.0[/B] and click [B]Run Tool[/B]. Click [B]"OK"[/B], then, if something is found, click [B]"Clean"[/B] as in the directions given. Click "Close", and exit Ad-Aware.
[*] [URL=http://www.majorgeeks.com/download2471.html][B][COLOR=Purple]Spybot Search & Destroy[/COLOR][/B][/URL]
[*] [URL=http://www.trendmicro.com/cwshredder/][B][COLOR=Purple]CWShredder[/COLOR][/B][/URL][/list]

Also make sure you are using the latest version (1.99.1) of [URL=http://www.majorgeeks.com/download3155.html][B][COLOR=Purple]HijackThis[/COLOR][/B][/URL] and it's installed in its own folder on the root drive. [color=red][B](C:\HJT)[/B][/color]

Please go to at least two of these sites and run an online Virus Scan. Be sure to have the AutoFix box(es) checked.
[url]http://housecall.trendmicro.com/[/url]
[url]http://www3.ca.com/virusinfo/virusscan.aspx[/url]
[url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url]
[url]http://www.bitdefender.com/scan/license.php[/url]
[url]http://us.mcafee.com/root/mfs/default.asp[/url]
[url]http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym[/url]
[url]http://www3.ca.com/virusinfo/virusscan.aspx[/url]

Download and install [URL=http://cleanup.stevengould.org][b][color=blue]Cleanup[/color][/b][/URL] but [b]DO NOT[/b] run it yet! [b][color=red]*WARNING*[/color] Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.[/b]

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Please make sure system restore is enabled by right-clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it's [b]NOT[/b] checked. We want system restore [b]ON[/b] and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.
Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

[b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {010A4EB1-25D8-A586-8467-581A49B3AEF1} - C:\WINDOWS\Ozofqrvl.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - [url]http://www.uproar.com/applets/activ...pside_web18.cab[/url]
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - [url]http://www.shizmoo.com/activex/web665.cab[/url]
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)[/b]

C:\WINDOWS\[b]cfgmgr52.dll[/b] <--delete that file
C:\WINDOWS\[b]Ozofqrvl.dll[/b] <--delete that file

Open [b]Cleanup![/b] by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "[b]Options...[/b]"
*Move the arrow down to "[b]Custom CleanUp![/b]"
*Put a check next to the following:[list]
[*]Empty Recycle Bins
[*]Delete Cookies
[*]Delete Prefetch files
[X]Scan local drives for temporary files[b] (Please uncheck this option)[/b]
[*]Cleanup! All Users
[/list]Click [b]OK[/b]
Press the [b]CleanUp![/b] button to start the program. Reboot/logoff when prompted.

Once back to normal mode... Please run an online scan at [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] Once it has finished save the activescan log. Then post that log in your next post along with a new hijackthis log.
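As an added example (not part of the original thread and not HijackThis's own code), the Python script below parses HijackThis entry lines and compares two scans, the check a helper otherwise does by eye when a new log is posted after a fix. The sample lines are excerpts of the 9/16 and 9/17 logs in this thread; the function names and the matching rule (section code plus CLSID, so a renamed entry is still recognised) are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: excerpts of the 9/16 and 9/17 logs posted in this thread,
# with one header line and one process line kept to show they are skipped.
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url]
R3 - URLSearchHook: (no name) - {010A4EB1-25D8-A586-8467-581A49B3AEF1} - C:\WINDOWS\Ozofqrvl.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
"""

SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url]
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # "O2 - ...", "R3 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
BBCODE_RE = re.compile(r"\[/?url\]", re.IGNORECASE)  # forum markup around URLs


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O2"
    body: str       # text after "CODE - ", forum [url] tags stripped
    key: tuple      # identity used to match the same entry across scans
    orphaned: bool  # registration whose target file is gone


def parse_log(text):
    """Return the R/O/F/N entries of a pasted HijackThis log."""
    entries = []
    for raw in text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        if clsid:
            # Display names change between scans ("CExtension Object" later
            # shows as "(no name)"), so match on entry kind plus CLSID.
            kind = body.split(":", 1)[0].strip().lower()
            key = (code, kind, clsid.group(0).upper())
        else:
            key = (code, body.lower())
        entries.append(Entry(code, body, key, bool(ORPHAN_RE.search(body))))
    return entries


def diff_scans(before, after):
    """Return (removed, added, orphans still present in the later scan)."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    remaining_orphans = [e for e in after if e.orphaned]
    return removed, added, remaining_orphans


if __name__ == "__main__":
    removed, added, orphans = diff_scans(parse_log(SCAN_BEFORE), parse_log(SCAN_AFTER))
    for label, group in (("removed", removed), ("added", added), ("still orphaned", orphans)):
        for entry in group:
            print(f"{label:15} {entry.code:4} {entry.body}")
```

On these excerpts the Start Page and URLSearchHook entries are gone in the later scan, while the two `(no file)` BHO registrations are still listed.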
Posted by: CrAzY_GaMeR_07
tx micro

Posted by: do_the_dew910
OK, all that's done. Here's the Panda log
------------------------------------------------------------------------------------
Incident                            Status          Location
Adware:adware/cws.searchmeup        No disinfected  C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/safesurf            No disinfected  C:\WINDOWS\SYSTEM32\InstallerV3.exe
Adware:adware/afaenhance            No disinfected  C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/bookedspace           No disinfected  C:\WINDOWS\cfgmgr52.ini
Adware:adware/apropos               No disinfected  C:\PROGRAM FILES\Aprps
Adware:adware/consumeralertsystem   No disinfected  C:\PROGRAM FILES\CasStub
Adware:adware program               No disinfected  C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Spyware:spyware/betterinet          No disinfected  Windows Registry
Adware:Adware/Apropos               No disinfected  C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/ConsumerAlertSystem   No disinfected  C:\Program Files\Cas\Client\Uninstall.exe
Adware:Adware/StartPage.AHW         No disinfected  C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037426.dll
Adware:Adware/ConsumerAlertSystem   No disinfected  C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037471.EXE
Adware:Adware/StartPage.AHW         No disinfected  C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0039444.dll
Adware:Adware/BookedSpace           No disinfected  C:\WINDOWS\oozidfgn.exe
Spyware:Spyware/MarketScore         No disinfected  C:\WINDOWS\rk.exe
Spyware:Spyware/BetterInet          No disinfected  C:\WINDOWS\system\QBUninstaller.exe
Spyware:Spyware/SafeSurf            No disinfected  C:\WINDOWS\system32\InstallerV3.exe
Adware:Adware/BigTrafficNet         No disinfected  C:\WINDOWS\system32\nsr17.dll
Spyware:Spyware/SafeSurf            No disinfected  C:\WINDOWS\system32\redtrsha.dll
Spyware:Spyware/SafeSurf            No disinfected  C:\WINDOWS\system32\richedtr.dll
Spyware:Spyware/SafeSurf            No disinfected  C:\WINDOWS\system32\richup.exe
Adware:Adware/BigTrafficNet         No disinfected  C:\WINDOWS\system320nsa34E0
------------------------------------------------------------------------------------ heres the hjt log ------------------------------------------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 7:42:04 PM, on 9/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\iTunes\iTunes.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://windowsupdate.microsoft.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cody's Internet Explorer O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file) O2 - BHO: (no name) - {1C3338E1-A4EB-6284-7EB4-2A6348450E5A} - (no file) O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE O4 - HKLM\..\Run: 
[HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url] O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url]http://www.bitdefender.com/scan8/oscan8.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114539230812[/url] O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - [url]https://www.gamespyid.com/alaunch.cab[/url] O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - [url]http://www.pacimedia.com/install/pcs_0009.exe[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5free/asinst.cab[/url] O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab[/url] O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - [url]https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab[/url] O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester 
Class) - [url]https://care.alltel.com/lwp/static/installers/ALLTELControls.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O17 - HKLM\System\CS1\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ------------------------------------------------------------------------------------ Thanks in advance by the way, im already noticing an increase in speed on loading programs, and whatnot Posted by: 
MicroBell :confused: Which part of this did you not understand??? Please [B][COLOR=Red][SIZE=6]DISABLE[/SIZE][/COLOR][/B] spybot's teatimer and [B][COLOR=Red][SIZE=6]LEAVE IT OFF[/SIZE][/COLOR][/B] until the fix is complete! It's running in your log and therefore has BLOCKED the entries we are trying to remove!!!!! Rerun the fix again!! Then Download [b]KillBox[/b] [url]http://www.bleepingcomputer.com/files/spyware/KillBox.zip[/url] Reboot into safe mode.... Delete the following folders...
C:\PROGRAM FILES\[b]Aprps[/b]
C:\PROGRAM FILES\[b]CasStub[/b]
C:\WINDOWS\SYSTEM32\[b]cache32dsrf4535dfs[/b]
C:\WINDOWS\[b]system320nsa34E0[/b]
C:\Program Files\[b]Cas[/b]
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says [b]"Delete on Reboot"[/b] and checkmark the box [b]"Unregister DLL"[/b] (If available) Click the RED X and it will ask you to confirm the file for deletion…say [b]YES[/b] and when the next box opens prompting you to reboot now...click [b]NO[/b]...and proceed with the next file. Once you get to the last one click [b]YES[/b] and it will reboot.
[b]C:\WINDOWS\SYSTEM32\bose.ico
C:\WINDOWS\SYSTEM32\InstallerV3.exe
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\system32\nsr17.dll
C:\WINDOWS\system32\redtrsha.dll
C:\WINDOWS\system32\richedtr.dll
C:\WINDOWS\system32\richup.exe
C:\WINDOWS\oozidfgn.exe
C:\WINDOWS\rk.exe[/b]
Once you reboot...run another Panda scan and post its log along with another hijackthis log. 
Posted by: do_the_dew910 woops....sorry for the screw up, getting on the fix again...will post logs later- Posted by: do_the_dew910 here are the new results ---------------------------------------------------------------------------------- Panda Scan ---------------------------------------------------------------------------------- Incident Status Location Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini Adware:adware/afaenhance No disinfected Windows Registry Adware:Adware/StartPage.AHW No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037426.dll Adware:Adware/ConsumerAlertSystemNo disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037471.EXE Adware:Adware/StartPage.AHW No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0039444.dll Adware:Adware/BookedSpace No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040506.dll Adware:Adware/ConsumerAlertSystemNo disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040599.exe Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040604.dll Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040631.exe Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040632.exe Adware:Adware/BigTrafficNet No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040633.dll Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040634.dll Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040635.dll 
Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040636.exe Adware:Adware/BookedSpace No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040637.exe Spyware:Spyware/MarketScore No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040638.exe ---------------------------------------------------------------------------------- HJT Log ---------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 6:05:05 PM, on 9/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program 
Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TangoManager.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://windowsupdate.microsoft.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cody's Internet Explorer O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~1\app\TANGOM~1.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program 
Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... 
- C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall60.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url] O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url]http://www.bitdefender.com/scan8/oscan8.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114539230812[/url] O16 - DPF: 
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [url]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url] O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - [url]http://www.pacimedia.com/install/pcs_0009.exe[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5free/asinst.cab[/url] O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab[/url] O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - [url]https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab[/url] O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - [url]https://care.alltel.com/lwp/static/installers/ALLTELControls.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O17 - HKLM\System\CS1\Services\Tcpip\..\{28452BEC-32CE-4AF9-9C3C-550EF8339B11}: NameServer = 166.102.165.11 166.102.165.13 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Posted by: MicroBell Run killbox again using the same instructions as before for this file... [b]C:\WINDOWS\cfgmgr52.ini[/b] Other then that.. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below. [COLOR=Purple][SIZE=3][b][u]Reset hidden/system files and folders[/u][/b][/SIZE][/COLOR] [COLOR=Red][B]Windows XP ===============[/B][/COLOR] [list][*]Click [i][B]Start[/B][/i]. [*]Open [i][B]My Computer[/B][/i]. [*]Select the [i][B]Tools menu[/B][/i] and click [i][B]Folder Options[/B][/i]. [*]Select the [i][B]View[/B][/i] tab. [*][i]Deselect[/i] the [i][B]Show hidden files and folders[/B][/i] option. [*][i]Select[/i] the [i][B]Hide file extensions for known types[/B][/i] option. [*][i]Select[/i] the [i][B]Hide protected operating system files[/B][/i] option. [*]Click [i][B]Yes[/B][/i] to confirm. 
[*]Click [i][B]OK[/B][/i].[/list] [COLOR=Red][B]Windows 2000 ===============[/B][/COLOR] [list] [*]Open [i][B]My Computer[/B][/i]. [*]Select the [i][B]Tools menu[/B][/i] and click [i][B]Folder Options[/B][/i]. [*]Select the [i][B]View[/B][/i] tab. [*][i]Select[/i] the [i] [B]Advanced settings box[/B] [/i] option. [*][i]Select[/i] the [i] [B]Hidden files[/B] [/i] Folders. [*][i]Deselect[/i] the [i] [B]Show all files[/B] [/i] option. [*]Click [i][B]Yes[/B][/i] to confirm. [*]Click [i][B]OK[/B][/i].[/list] [COLOR=Red][B]Windows ME ===============[/B][/COLOR] [list] [*]Open [i][B]My Computer[/B][/i]. [*]Select the [i][B]Tools menu[/B][/i] and click [i][B]Folder Options[/B][/i]. [*]Select the [i][B]View[/B][/i] tab. [*][i]Deselect[/i] the [i][B]Show hidden files and folders[/B][/i] option. [*][i]Select[/i] the [i][B]Hide protected operating system files[/B][/i] option. [*]Click [i][B]Yes[/B][/i] to confirm. [*]Click [i][B]OK[/B][/i].[/list] [COLOR=Red][B]Windows 95/98/98SE ===============[/B][/COLOR] [list] [*]Open [i][B]My Computer[/B][/i]. [*]Select the [i][B]View[/B][/i] [*][i]Select[/i] the [i] [B]Folder Options [/B] [/i] option. [*][i]Select[/i] the [i] [B]View[/B] tab.[/i] option. [*][i]Select[/i] the [i] [B]Advance Advanced settings box[/B] [/i] option. [*][i]Select[/i] the [i] [B]Hidden files[/B] [/i] folder. [*][i]Deselect[/i] the [i] [B]Show all files[/B] [/i] option [*]Click [i] [B]Apply[/B] [/i] to confirm. 
[*]Click [i][B]OK[/B][/i].[/list] [COLOR=Purple][SIZE=3][B][u]Create a new System Restore point[/u][/b][/SIZE][/COLOR] [COLOR=Red][B]Windows XP ===============[/B][/COLOR] [list][*] Click Start >> Run - type [I][B]SYSDM.CPL[/B][/I] & press [B]Enter[/B] [*] Select the [B]System Restore[/B] Tab [*] Tick on the checkbox - [b]"Turn off System Restore on all drives"[/b] [*] Click [B]Apply[/B] [*]Then [B]untick[/B] the same checkbox & click [B]OK[/B] [*] This deletes [b]ALL[/b] restore points that had the infection and creates a clean one[/list] [COLOR=Red][B]Windows ME ===============[/B][/COLOR] [list] [*]Click the [i][B]Start[/B][/i] tab. [*][i]Select[/i] the [i] [B]Settings[/B] [/i] option. [*][i]Select[/i] the [i] [B]Control Panel[/B] [/i] option. [*][i]Double Click[/i] the [i] [B]System icon Performance tab[/B] [/i] option. [*][i]Select[/i] [i] [B]File System[/B] [/i] [*][i]Select[/i] the [i] [B]Troubleshooting tab[/B] [/i] [*][i]Check[/i] the [i] [B]Disable System Restore box[/B][/i] [*]Click [i] [B]Apply[/B] [/i] to confirm. [*]Click [i][B]OK[/B][/i].[/list] Reboot the PC and [B]repeat[/B] the above procedure again When you get to this option [list][*][i][B]Uncheck[/B][/i] the [i] [B]Disable System Restore box[/B][/i][/list] For [B]Windows ME[/B]..we [B]MUST[/B] create a new restore point now as [B]Windows ME[/B] will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below. [list] [*]Click the [B]Start[/B] button. [*]Point to [B]Programs[/B], point to [B]Accessories[/B], point to [B]System Tools[/B], and then click [B]System Restore[/B]. [*]Choose [B]Create a restore point[/B], and then click [B]Next[/B]. [*]In the [B]Restore point description box[/B], type a name for your restore point, and then click [B]Next[/B]. 
Click [B]OK[/B][/list] [COLOR=Purple][SIZE=3][B][u]Enable Windows Auto Update[/u][/b][/SIZE][/COLOR] [list][*] Go to Start>Run - type [b]wuaucpl.cpl[/b] [*] Tick on the checkbox - [B]"Keep my computer up to date"[/B] [*] Under settings, choose [B]"Automatically download the updates, and install them on the schedule that I specify". [/B] [*] Click on [i]"[B]OK[/B]"[/i]. [/list] Please visit [URL=http://v4.windowsupdate.microsoft.com/en/default.asp][B][COLOR=DarkOrchid]Microsoft's Windows Update Page[/COLOR][/B][/URL] and install the latest service packs, patches and security updates for your system. [COLOR=Purple][SIZE=3][B][u]Recommended Protection Programs[/u][/b][/SIZE][/COLOR] Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: [list][*][url=http://www.javacoolsoftware.com/spywareblaster.html][B][COLOR=DarkOrchid]SpywareBlaster[/COLOR][/B][/url] to help prevent spyware from installing in the first place. [*][url=http://www.javacoolsoftware.com/spywareguard.html][B][COLOR=DarkOrchid]SpywareGuard[/COLOR][/B][/url] to catch and block spyware before it can execute. [*][url=https://netfiles.uiuc.edu/ehowes/www/resource.htm][B][COLOR=DarkOrchid]IESpy-Ad[/COLOR][/B][/url] to block access to malicious websites so you cannot be redirected to them from an infected site or email. 
[*][URL=http://www.winpatrol.com/winpatrol.html][B][COLOR=DarkOrchid]WinPatrol[/COLOR][/B][/URL] to monitor any changes that programs make to the registry.[/list] If you do not have a firewall, here are 4 free ones available for personal use: [list] [*][url=http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za][color=blue][B]ZoneAlarm[/B][/color][/url] [*][url=http://smb.sygate.com/products/spf_standard.htm][color=blue][B]Sygate Personal Firewall[/B][/color][/url] [*][url=http://www.kerio.com/us/kpf_download.html][color=blue][B]Kerio Personal Firewall[/B][/color][/url] [*][url=http://www.agnitum.com/download/outpost1.html][color=blue][B]OutPost Firewall[/B][/color][/url] [/list] In today’s world you [b]MUST[/b] have an Antivirus program. If you do not have one, here are 3 [b]FREE[/b] ones available for personal use: [list] [*] [URL=http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5][B][COLOR=Purple] Grisoft AVG Anti-Virus System [/COLOR][/B][/URL] [*] [URL=http://www.avast.com/eng/avast_4_home.html][B][COLOR=Purple] Alwil Avast 4 Home Edition[/COLOR][/B][/URL] [*] [URL=http://www.bitdefender.com/bd/site/products.php?p_id=24][B][COLOR=Purple] Softwin BitDefender Free Edition Version 7[/COLOR][/B][/URL] [/list] In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles [list][*] [URL=http://forums.net-integration.net/index.php?showtopic=3051][color=blue][b]HOW DID I GET INFECTED IN THE FIRST PLACE?[/b][/color][/URL] [*] [URL=http://www.greyknight17.com/spyware.htm#prevent][color=blue][B]THE ANTI-SPYWARE TUTORIAL[/B][/color][/URL] [*] [url=http://www.bleepingcomputer.com/forums/Making_Internet_Explorer_Safer-tut102.html][color=blue][B]MAKING INTERNET EXPLORER SAFER[/B][/color][/url][/list] Please stay safe out there and take the helpful advice that’s been given. 
The goal here is to prevent the [B]adware/spyware/virus/worms[/B] from getting on the system in the first place. Posted by: do_the_dew910 I'd just like to thank you so much for using your free time to help me- Posted by: MicroBell You bet....Enjoy! :O)
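The triage this thread walks through by hand, sorting each Panda detection into a live file, a registry entry, or a copy held in a System Restore point, is shown below as an added example; it is not part of the original thread or of any tool named in it. The sample rows are copied from the second Panda log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One row of the Panda ActiveScan report as pasted in the thread:
#   <Kind>:<kind>/<family> No disinfected <location>
# Long family names are fused with the status column in the paste
# ("ConsumerAlertSystemNo disinfected"), so the gap is optional.
ROW = re.compile(
    r"^(?P<kind>Adware|Spyware):(?P<name>.+?)\s*No disinfected\s+(?P<loc>.+)$",
    re.IGNORECASE,
)

# Files under a System Restore snapshot: ...\_restore{GUID}\RPnnn\A00nnnnn.ext
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)

# Sample rows copied from the second Panda log posted in this thread.
SAMPLE = r"""
Incident Status Location
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/afaenhance No disinfected Windows Registry
Adware:Adware/StartPage.AHW No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037426.dll
Adware:Adware/ConsumerAlertSystemNo disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP132\A0037471.EXE
Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{34BA929B-6925-4081-AE11-1CE74E446F9B}\RP133\A0040631.exe
"""


def parse_row(line):
    """Return (kind, family, location) for a detection row, else None."""
    m = ROW.match(line.strip())
    if not m:
        return None  # header row, separator or blank line
    family = m.group("name").split("/", 1)[-1].strip().lower()
    return m.group("kind").lower(), family, m.group("loc").strip()


def classify(location):
    """Map a location to (bucket, restore_point_id or None)."""
    if location.lower() == "windows registry":
        return "registry", None
    m = RESTORE.search(location)
    if m:
        return "restore_point", m.group(1).upper()
    return "live_file", None


def triage(report):
    """Group detections by where they live on disk.

    live_file     -> still on the running system; the thread deletes these
                     file by file
    registry      -> leftover registry data, no file path to delete
    restore_point -> archived copies that only disappear when the restore
                     points are purged, which the thread does at the end
    """
    buckets = defaultdict(list)
    for line in report.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _kind, family, location = row
        bucket, rp = classify(location)
        buckets[bucket].append((family, location, rp))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(bucket)
        for family, location, rp in entries:
            print("  %-22s %s" % (family, rp or location))
```

Run over the full second log, the only `live_file` entry is `C:\WINDOWS\cfgmgr52.ini`; every other file detection sits under `RP132` or `RP133`.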