Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
I need help...Log file included...Variant of the Qoologic Trojan
This is my first time on this site. I have never had a serious problem with my PC until now. I am stuck. I am without any answers. I downloaded HijackThis because I had nowhere else to turn. I have some variant of the Qoologic trojan family virus but I can't find it and I can't get rid of it. I have been trying for about two days now with no hope. Please can someone help me.
Here is my log file. Any advice will be greatly appreciated.
#2
Hi spiderman2099
Welcome to CTH.

Delete your old HijackThis folder. Download the latest HijackThis 1.99.1 from HERE. It will auto-install to C:\Program Files for you; just click on the "Unzip" button.

You will need to DISABLE Spysweeper and Teatimer whilst doing the below fixes, please.

1. Please download FindQoologic2.zip and save it to your Desktop. Unzip the files into their own new folder and name it FindQoologic. Don't run it yet; run it later in Safe Mode.

Next, please download Killbox. Please extract (unzip) it to its own new folder. Don't run it yet; run it later in Safe Mode.

2. Close ALL Internet Explorer windows; only have HijackThis running. In HijackThis, tick the boxes for the below entries, then click on "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {923924EC-0404-4A02-8694-E46F64C5EAE7} - C:\WINDOWS\System32\mfplay.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsr99.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [sFEW3nS] sccs31.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rmumla.exe reg_run
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [dox6Rhe2T] sbeport_vc645.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Startup: loaddtraff[1].exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: ntct.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...mix/install.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe

3. REBOOT INTO SAFE MODE. How to reboot to Safe Mode: reboot and tap F8 immediately after the BIOS screen (the BIOS screen is the first black and white screen you see), then choose Safe Mode from the menu.

4. Open KILLBOX. Highlight all the bold lines below, and then press the Ctrl key and the C key at the same time, to copy them to the clipboard:

C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\system32\sccs31.exe
C:\WINDOWS\system32\rmumla.exe
C:\WINDOWS\system32\richup.exe
C:\WINDOWS\system32\sbeport_vc645.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Documents and Settings\Christopher Jensen\Start Menu\Programs\Startup\loaddtraff[1].exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntct.exe

Next, go to Killbox and click on the "File" menu, and then click on the "Paste from Clipboard" menu item. In the "Full Path of File to Delete" box you should see the first file. If you drop down that box you should see the rest of the file paths. Make sure that all the file paths are there.

Click on the "Delete on Reboot" option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that "All listed files will be deleted on next reboot"; click YES. When it asks if you would like to Reboot now, click NO; you need to run Find-Qoologic2.

Open the FindQoologic folder and double-click on the Find-Qoologic.bat file to run it. Wait until a text opens, and post it in a reply to your thread. It will take between 5 and 10 minutes to run, so don't panic and don't close the file until the file.txt opens. Save the file.txt log.

Then reboot computer and post back a new HJT log and Qoologic's file.txt log to this thread, please.

Cheers
#3
Here is the new logfile and the findqoologic txt file. Is there anything else that needs to be done? Thank you for all your help.
1st the Findqoologic txt file:

2nd the Hijack new logfile:
#4
Hi spiderman2099
You will need to DISABLE Spysweeper and Spybot's Teatimer whilst doing the below fixes, please; otherwise the bad entries below will come back each reboot.

Print this, or save to Notepad. All Internet Explorer windows need to be CLOSED and you need to be DISCONNECTED from the internet.

Download and save the below tools to new folders before rebooting into Safe Mode.

1. Please download Killbox. Please extract (unzip) it to its own new folder. Don't run it yet; run it later in Safe Mode.

2. Download CleanUp. Don't run it yet; run it later.

3. Close ALL Internet Explorer windows; only have HijackThis running. In HijackThis, tick the boxes for the below entries, then click on "Fix checked":

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rmumla.exe reg_run
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: loaddtraff[1].exe
O4 - Global Startup: ntct.exe

4. Open KILLBOX. Highlight all the bold lines below, and then press the Ctrl key and the C key at the same time, to copy them to the clipboard:

C:\WINDOWS\system32\rmumla.exe
C:\Documents and Settings\Christopher Jensen\Start Menu\Programs\Startup\loaddtraff[1].exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntct.exe
C:\WINDOWS\System32\PVYVG.DAT
C:\WINDOWS\System32\BOQOXAD.EXE
C:\WINDOWS\System32\REDIT.CPL
C:\WINDOWS\System32\AUTHZ.EXE
C:\WINDOWS\System32\AVIFIL32.EXE
C:\WINDOWS\System32\COMDOS.EXE
C:\WINDOWS\System32\FM20.EXE
C:\WINDOWS\System32\MESS.EXE
C:\WINDOWS\System32\REINST~1.EXE
C:\WINDOWS\IEMPG.DLL
C:\WINDOWS\IEMPG2.DLL
C:\WINDOWS\MPGCOM.DLL
C:\WINDOWS\QUESTM~1.DLL
C:\WINDOWS\WIESASP.DLL
C:\WINDOWS\WIESASP2.DLL

Next, go to Killbox and click on the "File" menu, and then click on the "Paste from Clipboard" menu item. In the "Full Path of File to Delete" box you should see the first file. If you drop down that box you should see the rest of the file paths. Make sure that all the file paths are there.

Click on the "Delete on Reboot" option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that "All listed files will be deleted on next reboot"; click YES. When it asks if you would like to Reboot now, click YES.

5. Reboot computer and run CleanUp; when it opens click "Cleanup!". After CleanUp has finished, reboot computer.

6. Post back a new HijackThis log please, and let us know if any problems.

Cheers
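Added example (not part of the original thread and not code from HijackThis): a small Python checker that splits a HijackThis log pasted as one run of text into entries and reports which entries from an earlier "Fix checked" list are still present in a later scan, which is the comparison behind the second fix list above. The sample strings are constructed from entries quoted in this thread; the function names and the choice to match O4 Run entries by location and value name are assumptions of this example.

```python
import re
from typing import NamedTuple

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
_ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O4 registry autoruns: "O4 - HKLM\..\Run: [ValueName] command line"
_O4_RUN = re.compile(r"^O4 - (?P<loc>\S+\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 Startup-folder autoruns: "O4 - Startup: file" / "O4 - Global Startup: file"
_O4_STARTUP = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<cmd>.+)$")


class Entry(NamedTuple):
    section: str     # e.g. "O4"
    identity: tuple  # normalised key used to compare two logs
    raw: str         # entry text as it appeared in the log


def _make_entry(raw):
    section = raw.split(" - ", 1)[0]
    run = _O4_RUN.match(raw)
    startup = _O4_STARTUP.match(raw)
    if run:
        # Assumption: a Run value is "the same" if hive/key and value name match,
        # even if the command line behind it has changed.
        identity = ("O4", run["loc"].lower(), run["name"].lower())
    elif startup:
        identity = ("O4", startup["loc"].lower(), startup["cmd"].lower())
    else:
        identity = (section, raw.lower())
    return Entry(section, identity, raw)


def split_entries(text):
    """Split a log (possibly flattened onto one line) into Entry records.

    Text before the first section code (header, process list) is ignored.
    """
    text = " ".join(text.split())  # collapse newlines and repeated spaces
    starts = [m.start() for m in _ENTRY_START.finditer(text)]
    bounds = zip(starts, starts[1:] + [len(text)])
    return [_make_entry(text[a:b].strip()) for a, b in bounds]


def reappeared(fixed_text, later_scan_text):
    """Entries of the later scan that were already on the earlier fix list."""
    fixed = {e.identity for e in split_entries(fixed_text)}
    return [e for e in split_entries(later_scan_text) if e.identity in fixed]


# Constructed sample: part of the first fix list, flattened as on a forum page.
FIXED_ROUND_1 = (
    r"O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsr99.dll "
    r"O4 - HKLM\..\Run: [sFEW3nS] sccs31.exe "
    r"O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rmumla.exe reg_run "
    r"O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe "
    r"O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe "
    r"O4 - Startup: loaddtraff[1].exe "
    r"O4 - Global Startup: ntct.exe"
)

# Constructed sample: a shortened later scan, header and process list included.
LATER_SCAN = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - "
    r"C:\Program Files\Spybot - Search & Destroy\SDHelper.dll "
    r"O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe "
    r"O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rmumla.exe reg_run "
    r"O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe "
    r"O4 - Startup: loaddtraff[1].exe "
    r"O4 - Global Startup: ntct.exe "
    r"O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - "
    r"http://chat.yahoo.com/cab/yvwrctl.cab"
)

if __name__ == "__main__":
    for entry in reappeared(FIXED_ROUND_1, LATER_SCAN):
        print("still present after fix:", entry.raw)
```

Entries that show up again after a fix point to something re-creating them (a resident protection tool restoring its snapshot, or a file that was not deleted), which is why the reply pairs the registry fix with disabling the resident tools and deleting the files on reboot.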
#5
How do you disable Spysweeper and Teatimer from Spybot?
Thank you very much for your help.
#6
Hi spiderman2099
Open Spybot and make sure you are in Advanced mode (check it in the 'Mode' menu). Go to the Tools section and in the "Tools" list, double-click "Resident" and then uncheck the box for Tea Timer.

Use MSconfig to disable "Spysweeper" startup. Go to Start-->Run, and type in: MSCONFIG. In the "Startup" tab, look for Spysweeper and clear the box for any Spysweeper entries.

OR

Open Spysweeper --> Shields --> and disable all Shields. Then reset all "Shields" after cleaning.

Then reboot so changes take effect, and do the fixes in HijackThis.

Cheers
#7
Here is the new logfile. I disabled the Teatimer like you said and I think I disabled the Spysweeper. Thank you for your help. I am sorry if this problem is not being solved because I forgot to do something right.
One thing is that when I use the killbox software and I do the ctrl and c at the same time and then clipboard it to the file. On the drop down screen it never shows all the files so I manually put them in and I was wondering is that ok or will the program only delete the very last program I put into it. I still put delete on reboot and don't press reboot until I have all the programs in it. Just wondering. Thank you again
Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe |
#8
Hi spiderman2099
You did well. Thanks for using Killbox in the alternate way, saved me some work.

Only have one antivirus running at any time. Disable the other from starting via Msconfig. It is fine to have 2 antivirus, but not both running at the same time.

Go to "Start" --> "Run" and type in: MSCONFIG
Then click on the "Startup" tab, and uncheck the boxes for the antivirus you don't want running at startup.

2. Close ALL Internet Explorer windows, only have HijackThis running. In HijackThis, tick the boxes for the below entries, then click on "Fix checked".

The below line belongs to PC Tools; if you use PC Tools, it may need reinstalling:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

Close HijackThis.

Please do a full system scan with this on-line virus scanner (turn off/disable your antivirus while doing the on-line scans): http://www.pandasoftware.com/activescan/

Save the report log and post here please. Also, any problems still there?

Cheers
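An added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis entries in the format posted above. The two heuristics (an entry reporting "(no file)" or "(file missing)", and an O4 Run command given as a rooted path with no drive letter) are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 autorun entries look like: HKLM\..\Run: [ValueName] command line
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse(log):
    """Yield (code, body) per entry; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log):
    """Return (code, reason, body) for entries worth a manual look.

    The heuristics are this example's assumptions, not HijackThis verdicts.
    """
    findings = []
    for code, body in parse(log):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, "no backing file", body))
        elif code == "O4" and (m := RUN.match(body)):
            cmd = m.group("cmd").lstrip('"')
            # Rooted but drive-less (\dir\x.exe); UNC paths (\\host\...) excluded.
            if cmd.startswith("\\") and not cmd.startswith("\\\\"):
                findings.append((code, "drive-less autorun path", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```

A flagged line is only a candidate for review: orphaned entries left behind by uninstalled software trip the same checks.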