|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#16
|
||||
|
||||
Slingo Wild 7's-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6105C9EA-FFC3-484A-950A-90F48CD7C73E}\setup.exe" -l0x9
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe" The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009 Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731 VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E} Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" Word Skramble-->C:\PROGRA~1\eGames\WORDSK~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDSK~1\INSTALL.LOG Word Wiz-->C:\PROGRA~1\eGames\WORDWI~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDWI~1\INSTALL.LOG =====HijackThis Backups===== O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.listen.com O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AVG 7.5.549 ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
#17
|
||||
|
||||
We can go ahead and make changes now, and after you can post the Kaspersky scan when available.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis. F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, \s, O2 - BHO: (no name) - {F92A8F98-AE62-4897-9DC2-E31EC007456D} - (no file) O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) ----------------------- Code:
REGEDIT4 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "C:\WINDOWS\system32\yqkolvqr.exe"=- "C:\Documents and Settings\HP_Owner\bjryd.exe"=- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"=- Save this to your desktop as "fixer.reg" Be sure to include the "" quotes in the name. Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry. |
#18
|
||||
|
||||
Thanks for all your help Tom. Glad you folks are around and giving your time to help the rest of us.
|
#19
|
||||
|
||||
Post the Kaspersky scan and we can follow through here with repairs.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Could you check this HijackThis log please? | Phil5000 | Windows XP | 1 | November 10th, 2006 12:50 AM |
please check my HiJackThis log... | aoxk61 | Malware Removal | 2 | September 29th, 2006 05:24 AM |
Please check my Hijackthis Log | twinx | Malware Removal | 3 | February 28th, 2005 02:49 AM |
Hijackthis log: Please Check | Crossbones84 | Malware Removal | 1 | June 25th, 2004 01:09 AM |
Could you check my HijackThis log? | thezieb | Malware Removal | 2 | June 24th, 2004 08:41 PM |
All times are GMT +1. The time now is 02:25 AM.