 |  |  |  |  |  |  |  |
AdwarePunisher virus? Thing ... I dunno!! Please help!!
Thread Solved |
G'day everyone,
This is my first post here and could really use some help.
I've picked up some virus or something.
I've got an icon in the system tray that keeps popping up saying that I have data miners, data trasfers, credit hijacking, virus, all sorts of stuff (even when I'm offline) and has taken over my desktop wallpaper which all points to one website: http://www.<ahref='http://www.ad...a>punisher.com
I've also lost my google and ebay toolbar and I picked some other crap one somewhere.
I've run AVG, Xoftspy, <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor ... all sorts of stuff, but nothing's getting rid of it.
So I searched the net for <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>adware</a>punisher virus and found this site where someone's had a similar problem (www.daniweb.com/techtalkforums/thread38430.html) that someone was very kind to help out.
Well I'm in the same boat. So I've downloaded everything crunchie said on that other post, but it looks to be slightly different.
So here's my Hijackthis file:
Logfile of HijackThis v1.99.1
<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>scan</a> saved at 3:06:52 PM, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\shell386.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor] "C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134122074280
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
Any help would be very appreciated. This thing is driving me crazy!
Thanks in advance.
Cheers,
Jeremy
This is my first post here and could really use some help.
I've picked up some virus or something.
I've got an icon in the system tray that keeps popping up saying that I have data miners, data trasfers, credit hijacking, virus, all sorts of stuff (even when I'm offline) and has taken over my desktop wallpaper which all points to one website: http://www.<ahref='http://www.ad...a>punisher.com
I've also lost my google and ebay toolbar and I picked some other crap one somewhere.
I've run AVG, Xoftspy, <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor ... all sorts of stuff, but nothing's getting rid of it.
So I searched the net for <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>adware</a>punisher virus and found this site where someone's had a similar problem (www.daniweb.com/techtalkforums/thread38430.html) that someone was very kind to help out.
Well I'm in the same boat. So I've downloaded everything crunchie said on that other post, but it looks to be slightly different.
So here's my Hijackthis file:
Logfile of HijackThis v1.99.1
<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>scan</a> saved at 3:06:52 PM, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\shell386.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor] "C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134122074280
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
Any help would be very appreciated. This thing is driving me crazy!
Thanks in advance.
Cheers,
Jeremy
Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here are alternate links:
smitRem.exe
smitRem.exe
Double click on the file to extract it to its own folder on the desktop.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
Next, please reboot your computer in SafeMode by doing the following:
Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".
Uninstall this Software from Add/Remove Programs in Control Panel:-
spyware Doctor (if found)
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:-
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor] "C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe" /Q
O9 - Extra button: <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O23 - Service: PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked". Close Hijackthis.
Delete this file:-
C:\WINDOWS\system32\shell386.exe
Delete this folder:-
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
Reboot back into Windows. Go to Panda ActiveScan website --> HERE
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.
Let us know if any problems persist.
** It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK
If you cannot access that link, here are alternate links:
smitRem.exe
smitRem.exe
Double click on the file to extract it to its own folder on the desktop.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
- General Button > Safety & Settings: Check (Green) all three.
- Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".
Uninstall this Software from Add/Remove Programs in Control Panel:-
spyware Doctor (if found)
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:-
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor] "C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\swdoctor.exe" /Q
O9 - Extra button: <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O23 - Service: PC Tools <a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor\sdhelp.exe
After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked". Close Hijackthis.
Delete this file:-
C:\WINDOWS\system32\shell386.exe
Delete this folder:-
C:\Program Files\<a href='http://www.adwarepunisher.com/?aff=108&saff=15'>spyware</a> Doctor
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
- Then select "Settings"
- Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
- Select "OK" and you will return to scanning options.
- Click on Complete System Scan and the scan will begin.
This scan can take quite a while to run, so please be patient . - While the scan is in progress, you will be prompted to clean the first infected file it finds.
- Choose Clean.
- Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
Reboot back into Windows. Go to Panda ActiveScan website --> HERE
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.
Let us know if any problems persist.
** It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
Thanks for reply. It's looking better already.
I couldn't find a few of the thing listed in the HJT list you gave.
Here's a fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:05 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\TechTracker\VersionTracker
Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper -
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program
Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program
Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program
Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program
Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla -
file://C:\Program
Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into
English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite...
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Control
s/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst
.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDow
nloader.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login
(bpcService) - Unknown owner - C:\Program
Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido
networks - C:\Program Files\ewido
anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service -
Macromedia - C:\Program Files\Common Files\Macromedia
Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Here's the Pandascan report:
Incident Status Location
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[Installer.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[Installer.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jeremy Broad\Desktop\smitRem.exe[Process.exe]
Adware:adware/razespyware Not disinfected C:\WINDOWS\adw.htm
Virus:Trj/Downloader.HKM Disinfected C:\WINDOWS\loadadv728.exe
Adware:adware/azesearch Not disinfected C:\WINDOWS\system32\azebar.xml
Adware:adware/cashdeluxe Not disinfected C:\WINDOWS\system32\mswinf32.dll
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Possible Virus. Not disinfected D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip[BPM-.exe]
Possible Virus. Not disinfected D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip[Loader.exe]
Possible Virus. Not disinfected D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip[Loader.exe]
Here's the ewidos report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:59:32 PM, 30/01/2006
+ Report-Checksum: 5F255959
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.dll -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.exe -> Adware.CashDeluxe : Cleaned with backup
::Report End
Here's the the smitfiles report:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 30/01/2006
The current time is: 22:50:59.90
Running from
C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'explorer.exe'
Killing PID 792 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Just one thing I wanted to ask. Can I reinstall Spyware Doctor? I actually just paid for that one on the recommendation of a few cluey computer guys. Quite a few people have told me to get rid of adaware saying that it is half the problem most times. It seems like each different spyware program seems to find different stuff and half the time it seems to related to another spyware program.
Thanks again, anyway. You rock!!
Let me know if there's anything I can do for you. Check out my site - www.broadproductions.com.au
I couldn't find a few of the thing listed in the HJT list you gave.
Here's a fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:05 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\TechTracker\VersionTracker
Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper -
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program
Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program
Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program
Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program
Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla -
file://C:\Program
Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into
English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite...
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Control
s/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst
.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDow
nloader.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login
(bpcService) - Unknown owner - C:\Program
Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido
networks - C:\Program Files\ewido
anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service -
Macromedia - C:\Program Files\Common Files\Macromedia
Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Here's the Pandascan report:
Incident Status Location
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[Installer.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[Installer.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jeremy Broad\Desktop\smitRem.exe[Process.exe]
Adware:adware/razespyware Not disinfected C:\WINDOWS\adw.htm
Virus:Trj/Downloader.HKM Disinfected C:\WINDOWS\loadadv728.exe
Adware:adware/azesearch Not disinfected C:\WINDOWS\system32\azebar.xml
Adware:adware/cashdeluxe Not disinfected C:\WINDOWS\system32\mswinf32.dll
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Possible Virus. Not disinfected D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip[BPM-.exe]
Possible Virus. Not disinfected D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip[Loader.exe]
Possible Virus. Not disinfected D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip[Loader.exe]
Here's the ewidos report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:59:32 PM, 30/01/2006
+ Report-Checksum: 5F255959
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.dll -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.exe -> Adware.CashDeluxe : Cleaned with backup
::Report End
Here's the the smitfiles report:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 30/01/2006
The current time is: 22:50:59.90
Running from
C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'explorer.exe'
Killing PID 792 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Just one thing I wanted to ask. Can I reinstall Spyware Doctor? I actually just paid for that one on the recommendation of a few cluey computer guys. Quite a few people have told me to get rid of adaware saying that it is half the problem most times. It seems like each different spyware program seems to find different stuff and half the time it seems to related to another spyware program.
Thanks again, anyway. You rock!!
Let me know if there's anything I can do for you. Check out my site - www.broadproductions.com.au
Hi,
Spyware Doctor is a good AntiSpyware software. But, i said to uninstall it because, the Spyware Doctor installation folder was looking suspecious as it had Adware Punisher link in it!
You can install it again, but remember to download from official site:-
http://www.pctools.com/spyware-doctor/
By the way, there are some files to be removed.
Download CWShredder. Do not run it now!
Boot in Safe Mode.
Delete these files:-
C:\WINDOWS\adw.htm
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\mswinf32.dll
C:\WINDOWS\uniq
D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip
D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip
D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip
Next, go to Control Panel. Double click on Java or Java Plug In icon. This opens up the Java VM applet.
Click "Cache" tab, and click "Clear" button.
If you can not find the "Cache" tab, then click "General" tab, and click "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files. Exit from Control Panel.
Run CWShredder and click "Fix" and allow it to complete the process.
After this, reboot the PC to normal mode and please post a new HijackThis log.
Spyware Doctor is a good AntiSpyware software. But, i said to uninstall it because, the Spyware Doctor installation folder was looking suspecious as it had Adware Punisher link in it!
You can install it again, but remember to download from official site:-
http://www.pctools.com/spyware-doctor/
By the way, there are some files to be removed.
Download CWShredder. Do not run it now!
Boot in Safe Mode.
Delete these files:-
C:\WINDOWS\adw.htm
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\mswinf32.dll
C:\WINDOWS\uniq
D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip
D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip
D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip
Next, go to Control Panel. Double click on Java or Java Plug In icon. This opens up the Java VM applet.
Click "Cache" tab, and click "Clear" button.
If you can not find the "Cache" tab, then click "General" tab, and click "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files. Exit from Control Panel.
Run CWShredder and click "Fix" and allow it to complete the process.
After this, reboot the PC to normal mode and please post a new HijackThis log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
Thanks again.
I've done all that - but I couldn't find C:\WINDOWS\loadadv728.exe
Here's the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:58 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker
Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper -
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program
Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program
Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program
Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program
Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla -
file://C:\Program
Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into
English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite...
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Control
s/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst
.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDow
nloader.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login
(bpcService) - Unknown owner - C:\Program
Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido
networks - C:\Program Files\ewido
anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service -
Macromedia - C:\Program Files\Common Files\Macromedia
Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks so much for this!!
I'm telling everyone about this site.
Cheers,
Jeremy
I've done all that - but I couldn't find C:\WINDOWS\loadadv728.exe
Here's the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:58 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker
Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper -
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program
Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex
e
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program
Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program
Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner]
C:\Program Files\Windows & Internet
Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program
Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla -
file://C:\Program
Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into
English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite...
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Control
s/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst
.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDow
nloader.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login
(bpcService) - Unknown owner - C:\Program
Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido
networks - C:\Program Files\ewido
anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service -
Macromedia - C:\Program Files\Common Files\Macromedia
Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks so much for this!!
I'm telling everyone about this site.
Cheers,
Jeremy
Hi,
Log looks clean Is your PC running fine? Do you still get the icon which gives spyware alerts, in SystemTray?
Log looks clean
Is your PC running fine? Do you still get the icon which gives spyware alerts, in SystemTray? "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
 |
Similar Threads
- Possible virus problem? i dunno:P (Viruses, Spyware and other Nasties)
- Myspace IM virus thing (Viruses, Spyware and other Nasties)
- Do I have a virus? (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: A agntsrvc.exe file error
- Next Thread: inet20099 Problem
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
