DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Computer nearly inoperable (http://www.daniweb.com/forums/thread25713.html)

cjillson7030 Jun 13th, 2005 11:10 pm
Computer nearly inoperable
 
When on internet I keep getting "not responding" and then I get kicked off. Its not just internet though, just trying to open control panel is impossible at times. I get nothing at first, then just a white box and the hourglass goes on forever(or until I ctrl/alt/delete and get "not responding"). The computer wont even shut off except by reset button. Everything is painfully slow. When I can get on internet it acts as if it is dial up even though I have dsl. I scanned with Panda, spyspotter, spybot etc. I havent found any viruses or trojans, but it acts as if it is infected. Here is my log from HJT just in case.

Logfile of HijackThis v1.99.1
Scan saved at 9:09:16 PM, on 06/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\w?nspool.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLHOS~1.EXE
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Yaplock\YaplockTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLServiceHost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Carrie\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54C421A4-9F62-F88E-18C2-94BC6D78E3BA} - C:\WINDOWS\system32\xnlbokz.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} - c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109993912\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Muo] C:\WINDOWS\system32\w?nspool.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yaplock.lnk = C:\Program Files\Yaplock\YaplockTray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...S_ZCYYYYYYYYUS
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

dlh6213 Jun 14th, 2005 7:51 am
Re: Computer nearly inoperable
 
Download, install, update, and run the PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail...e/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you run Ewido for the first time, you will get the warning Database could not be found!, click OK when you do.

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode (reboot your computer and tap the F8 key while it's starting back up).

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {54C421A4-9F62-F88E-18C2-94BC6D78E3BA} - C:\WINDOWS\system32\xnlbokz.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Muo] C:\WINDOWS\system32\w?nspool.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZCYYYYYYYYUS

Be sure all windows, other then hijackthis, are closed before hitting Fix checked.

Did you install Oemji yourself?

Reboot, close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.

cjillson7030 Jun 15th, 2005 1:29 am
Re: Computer nearly inoperable
 
I did not install oemji, a box kept popping up asking if I wanted to revert to oemji and I kept saying no (since I didnt even know what it was) but I think I may have in haste clicked yes.
Here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 11:17:39 PM, on 06/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLHOS~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yaplock\YaplockTray.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLServiceHost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carrie\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109993912\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yaplock.lnk = C:\Program Files\Yaplock\YaplockTray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:56:58 PM, 06/14/2005
+ Report-Checksum: B2D69AAD

+ Scan result:

HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Spyware.FizzleBar
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Spyware.FizzleBar
HKU\S-1-5-21-2154702590-3133978997-4149289120-1021\Software\intexp -> Spyware.IEPlugin
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\fipartnr.ini -> Spyware.Cookie.Firsthorizon
C:\Documents and Settings\Carrie\Cookies\carrie@about[2].txt -> Spyware.Cookie.About
C:\Documents and Settings\Carrie\Cookies\carrie@adknowledge[2].txt -> Spyware.Cookie.Adknowledge
C:\Documents and Settings\Carrie\Cookies\carrie@ads.addesktop[1].txt -> Spyware.Cookie.Addesktop
C:\Documents and Settings\Carrie\Cookies\carrie@ads.jackpot[1].txt -> Spyware.Cookie.Jackpot
C:\Documents and Settings\Carrie\Cookies\carrie@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
C:\Documents and Settings\Carrie\Cookies\carrie@architecture.about[2].txt -> Spyware.Cookie.About
C:\Documents and Settings\Carrie\Cookies\carrie@bannerspace[2].txt -> Spyware.Cookie.Bannerspace
C:\Documents and Settings\Carrie\Cookies\carrie@counter.relmaxtop[1].txt -> Spyware.Cookie.Relmaxtop
C:\Documents and Settings\Carrie\Cookies\carrie@creativeby.viewpoint[2].txt -> Spyware.Cookie.Viewpoint
C:\Documents and Settings\Carrie\Cookies\carrie@dist.belnk[2].txt -> Spyware.Cookie.Belnk
C:\Documents and Settings\Carrie\Cookies\carrie@imdb[1].txt -> Spyware.Cookie.Imdb
C:\Documents and Settings\Carrie\Cookies\carrie@oinadserve[2].txt -> Spyware.Cookie.Oinadserve
C:\Documents and Settings\Carrie\Cookies\carrie@popupblockade[1].txt -> Spyware.Cookie.Popupblockade
C:\Documents and Settings\Carrie\Cookies\carrie@realmedia[2].txt -> Spyware.Cookie.Realmedia
C:\Documents and Settings\Carrie\Cookies\carrie@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler
C:\Documents and Settings\Carrie\Cookies\carrie@sageanalyst[1].txt -> Spyware.Cookie.Sageanalyst
C:\Documents and Settings\Carrie\Cookies\carrie@servedby.netshelter[1].txt -> Spyware.Cookie.Netshelter
C:\Documents and Settings\Carrie\Cookies\carrie@webstat[1].txt -> Spyware.Cookie.Webstat
C:\Documents and Settings\Carrie\Cookies\carrie@www.2-spyware[1].txt -> Spyware.Cookie.2-spyware
C:\Documents and Settings\Carrie\Cookies\carrie@www.hey[1].txt -> Spyware.Cookie.Hey
C:\Documents and Settings\Carrie\Cookies\carrie@www.imdb[2].txt -> Spyware.Cookie.Imdb
C:\Documents and Settings\Carrie\Cookies\carrie@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram
C:\Documents and Settings\Carrie\Cookies\carrie@www.smarttargetting[1].txt -> Spyware.Cookie.Smarttargetting
C:\Documents and Settings\Carrie\Local Settings\Temp\180sainstaller.exe -> Spyware.180Solutions.b
C:\Program Files\apsi\wtta.exe -> Spyware.PurityScan
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug
C:\Program Files\Common Files\AOL\ACS\acsd.exe -> Heuristic.Win32.Keylogger
C:\Program Files\Common Files\AOL\ACS\acssetup.exe -> Heuristic.Win32.Keylogger
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
C:\Program Files\Microsoft Money\System\mode0.cab/fipartnr.ini -> Spyware.Cookie.Firsthorizon
C:\Program Files\Yahoo!\dslsetup\YRegHost.exe -> Heuristic.Win32.Dialer
C:\Program Files\Yahoo!\setup\YRegHost.exe -> Heuristic.Win32.Dialer
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP113\A0023670.exe -> Heuristic.Win32.Dialer
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023701.exe -> Spyware.180Solutions
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP115\A0023703.dll -> Spyware.180Solutions
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023732.exe -> Spyware.BackWeb
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023738.dll -> Spyware.404Search
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023740.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023743.EXE -> Spyware.Wesbar
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023745.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023748.SCR -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023749.dll -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023751.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023752.EXE -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023754.DLL -> Spyware.Wesbar
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023755.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023756.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023758.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023760.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023761.DLL -> Spyware.MyWebSearch
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023826.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023852.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023861.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023869.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023879.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023887.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023897.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023900.dll -> Spyware.WildTangent
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023939.dll -> Heuristic.Win32.Downloader
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0023968.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0024093.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0024095.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0024099.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP116\A0024102.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027179.ini -> Spyware.Cookie.Firsthorizon
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027180.exe -> Spyware.PurityScan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027181.dll -> Spyware.Wheaterbug
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027182.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027183.exe -> Heuristic.Win32.Keylogger
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027184.exe -> Heuristic.Win32.Downloader
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027185.exe -> Heuristic.Win32.Dialer
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP119\A0027186.exe -> Heuristic.Win32.Dialer
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP68\A0010360.EXE -> Spyware.Background
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP72\A0010412.dll -> Heuristic.Win32.Downloader
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP72\A0010455.DLL -> TrojanDownloader.FunWeb.a
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP86\A0015453.exe -> Spyware.BetterInternet
C:\WINDOWS\Downloaded Program Files\clientax.dll -> Spyware.180Solutions
C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Spyware.MediaMotor
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b
C:\WINDOWS\imgthin.exe -> Heuristic.Win32.Downloader
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch
C:\WINDOWS\tmpcpyis.bat -> Backdoor.AcidShiver


::Report End

dlh6213 Jun 15th, 2005 3:49 am
Re: Computer nearly inoperable
 
Turn off System Restore.

Go to Add/Remove Programs in your Control Panel and remove (if present):

Oemji
WeatherBug

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take awhile for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Download, install, update, and run PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Scan with hijackthis and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O15 - Trusted Zone: *.media-motor.net (if you did not put this in your Trusted Zone yourself)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...iTunesSetup.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/p...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab

Remember to close any open windows, other then hijackthis, before hitting Fix checked.

Reboot into Safe Mode.

Go to the following locations and delete the highlighted files and folders (if present):

C:\WINDOWS\imgthin.exe
C:\WINDOWS\Downloaded Program Files\clientax.dll
C:\WINDOWS\Downloaded Program Files\m67m.ocx
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\WINDOWS\tmpcpyis.bat

C:\Program Files\Oemji
C:\Program Files\AWS

Scan with Ewido.

Reboot normally and empty your Recycle Bin.

Close any open browser windows, scan with hijackthis, and post a new log along with the new Ewido log.

cjillson7030 Jun 16th, 2005 12:52 am
Re: Computer nearly inoperable
 
I couldn't delete all temp files, even in safe mode. heres what I have now;


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:36:01 PM, 06/15/2005
+ Report-Checksum: 5C6985FF

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN -> Spyware.PurityScan
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\Carrie\Cookies\carrie@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Program Files\Microsoft Money\System\mode0.cab/fipartnr.ini -> Spyware.Cookie.Firsthorizon


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:51:08 PM, on 06/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLHOS~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yaplock\YaplockTray.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLServiceHost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Carrie\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109993912\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yaplock.lnk = C:\Program Files\Yaplock\YaplockTray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

dlh6213 Jun 17th, 2005 8:54 am
Re: Computer nearly inoperable
 
Download and run Silent Runners.vbs -- http://www.silentrunners.org/. Post the information from the log it generates in this thread.

Please post another hijackthis log as well.

cjillson7030 Jun 17th, 2005 7:48 pm
Re: Computer nearly inoperable
 
Here it is;

"Silent Runners.vbs", revision 38, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "1" [file not found]
"Microsoft Works Update Detection" = "c:\Program Files\Microsoft Works\WkDetect.exe" [file not found]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Motive SmartBridge" = "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"THGuard" = ""C:\Program Files\TrojanHunter 4.1\THGuard.exe"" ["Mischel Internet Security"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"" [file not found]
"IPInSightLAN 02" = ""C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l" ["Visual Networks"]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"IPInSightMonitor 02" = ""C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"" ["Visual Networks"]
"S3TRAY2" = "S3tray2.exe" ["S3 Graphics, Inc."]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
"YPC" = "C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe" ["Yahoo! Inc."]
"checktime" = "c:\program files\HPSelect\Frontend\ct.exe" [null data]
"YBrowser" = "C:\Program Files\Yahoo!\browser\ybrwicon.exe" ["Yahoo!, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"CaAvTray" = ""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"" ["Computer Associates International, Inc."]
"CAVRID" = ""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"" ["Computer Associates International, Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HostManager" = "C:\Program Files\Common Files\AOL\1109993912\EE\AOLHostManager.exe" ["America Online, Inc."]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online"]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.1\contmenu.dll" [null data]
"{1CE2AA40-1317-11D3-9922-00104B0AD431}" = "CA_AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Startup items in "Carrie" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Carrie\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]
"Yaplock" -> shortcut to: "C:\Program Files\Yaplock\YaplockTray.exe" ["Oemtec, Ltd"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"SBC Self Support Tool" -> shortcut to: "C:\Program Files\SBC Self Support Tool\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"Disk Cleanup" -> launches: "C:\WINDOWS\SYSTEM32\cleanmgr.exe" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\VetRedir.dll ["Computer Associates International, Inc."], 01 - 03, 21
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll" [MS]

"{40D41A8B-D79B-43D7-99A7-9EE0F344C385}" = "AIM Search" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AIM Toolbar\AIMBar.dll" ["America Online, Inc"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{40D41A8B-D79B-43D7-99A7-9EE0F344C385}" = "AIM Search"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AIM Toolbar\AIMBar.dll" ["America Online, Inc"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll" [MS]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\ = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
"CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
-> {CLSID}\InProcServer32\(Default) = "c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
CAISafe, CAISafe, "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe" ["Computer Associates International, Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
VET Message Service, VETMSGNT, "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe" ["Computer Associates International, Inc."]
YPCService, YPCService, "C:\WINDOWS\SYSTEM32\YPCSER~1.EXE" ["Yahoo! Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
Logfile of HijackThis v1.99.1
Scan saved at 5:47:47 PM, on 06/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLHOS~1.EXE
C:\Program Files\Yaplock\YaplockTray.exe
C:\PROGRA~1\COMMON~1\AOL\110999~1\EE\AOLServiceHost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Carrie\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109993912\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yaplock.lnk = C:\Program Files\Yaplock\YaplockTray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\PROGRA~1\MICAC0~1\System\MNYVIE~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

dlh6213 Jun 18th, 2005 7:48 pm
Re: Computer nearly inoperable
 
I don't see much else wrong.

Please go to http://virusscan.jotti.org/ and have this file scanned:
C:\WINDOWS\System32\wbem\wmiprvse.exe

Post the results back here and let us know what problems you are still having.

DMR Jun 19th, 2005 1:01 am
Re: Computer nearly inoperable
 
Hi cjillson7030,

dlh6213 has done a good job of walking you through the process of removing the obvious "nasties" that were present on your system. I would definitely do as he asked in terms of having the wmiprvse.exe file scanned; that file is normally a valid Windows file, but a file of that name is also known to placed on systems by some malicious programs. Other than that though, I agree with him on the fact that you're system isn't showing any more signs of infection.

Given that, your system logs may hold some clues as to the cause(s) of your "not responding" program crashes/hangs. I'm inclined to believe that those errors are not related to the infections you had, or that the infections may have caused the errors, but the damage done won't be fixed just by removing the infections themselves.

Please do the following:

Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to program hangs/crashes or anything else related to the problems you're having, post the full and exact contents given in the detail windows.

cjillson7030 Jun 19th, 2005 9:09 pm
Re: Computer nearly inoperable
 
I looked at Event Viewer and found a lot of warnings and errors in system and applications, but I dont know how to post them, because it wont let me copy and paste. Is there another way?

Heres my scan;

Service load: 0% 100%

File: wmiprvse.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 075ea6c849ab0fe416a3d6dd65c3cf41
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing


All times are GMT -4. The time now is 2:55 am.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC