Redheaded (Newbie Poster)
Help trojans...now nothing opens and I get a paint can't open error

  #1  
Feb 18th, 2006
I actually found this forum last night and planned to post my computer log today. A couple of days ago I got a virus that has only multiplied into more viruses and trojans. I have Avast and usually have no issues, but Avast can barely keep up and can't move or delete any of the files because they disappear before that can be done. Now this morning I start up my computer and none of my programs started up on startup, and when I click on a program it will not open and I get the following error:

"C:\..........\.....\.......exe
Paint cannot read this file.
This is not a valid bitmap file, or its format is not currently supported."

I can get some programs to open if I right-click and choose "Run as" and then click OK, leaving the options set for "owner".

I shut off the networking and removed my personal files. I do have trial programs on there that I REALLY need!

So what now, and where should I start?

Thank you.
Redheaded

  #2  
Feb 18th, 2006
OK, I read some of the other posts and downloaded HijackThis, ran it, checked some things and then clicked "fix", and nothing; I seem to not have access to anything. The thing I explained earlier about not being able to open files: well, the one way I was able to get some of them open is not an option for anything in the Control Panel. I feel like I am at a brick wall. And on some things it asks for the administrator password, and I have no idea I even had one. I just got my notebook back from the Gateway repair center in TX and it came back totally wiped out and bare, and 2 days later here I am.
Redheaded

  #3  
Feb 18th, 2006
I do have findthewebsiteyouneed on my computer.
Redheaded

  #4  
Feb 18th, 2006
Here is my first log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 3:32:04 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\yvilktz.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\virus tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1139907414093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139907399292
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

---------------------------------------------------------------------
Below is the second log after I removed a few things...
---------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:37:40 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\yvilktz.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\virus tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

---------------------------------------------------------------------

Right now the following program is running on the notebook:
Symantec Spyware.Dotcomtoolbar Removal Tool 1.0.1

Now what? =( Thankfully there is a business desktop here too, so I am able to do this.
Redheaded

  #5  
Feb 20th, 2006
I have tried to post them and they seem too large?
Redheaded

  #6  
Feb 20th, 2006
Spy Sweeper...
---------------------------------------
********
10:20 AM: | Start of Session, Monday, February 20, 2006 |
10:20 AM: Spy Sweeper started
10:20 AM: Sweep initiated using definitions version 556
10:20 AM: Starting Memory Sweep
10:22 AM: Memory Sweep Complete, Elapsed Time: 00:02:11
10:22 AM: Starting Registry Sweep
10:23 AM: Found Adware: visfx
10:23 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
10:23 AM: Found Adware: findthewebsiteyouneed hijacker
10:23 AM: HKU\WRSS_Profile_S-1-5-21-1229621867-3947234152-1274267536-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
10:23 AM: Registry Sweep Complete, Elapsed Time:00:00:45
10:23 AM: Starting Cookie Sweep
10:23 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:23 AM: Starting File Sweep
10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\tsweb1.htm". The system cannot find the file specified
10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ics.htm". The system cannot find the file specified
10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht05p.htm". The system cannot find the file specified
10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht06p.htm". The system cannot find the file specified
10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht26p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht03p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht19p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht21p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht20p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht18p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht02p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht13p.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0004.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\page1.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0010.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0006.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0002.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0007.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0005.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\tip.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0014.asp". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\netmeet.htm". The system cannot find the file specified
10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\au_plcy.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\welcome.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\root\cmpnents\tabletpc\i386\viewer.htm". The system cannot find the path specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\autoupdt.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht23p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht08p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht00p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\safemode.htt". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht25p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht10p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht09p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht15p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht04p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht14p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht16p.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\dtsgnup.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\actshell.htm". The system cannot find the file specified
10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\msobshel.htm". The system cannot find the file specified
10:28 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\updshell.htm". The system cannot find the file specified
10:48 AM: File Sweep Complete, Elapsed Time: 00:24:54
10:48 AM: Full Sweep has completed. Elapsed time 00:27:57
10:48 AM: Traces Found: 4
10:54 AM: Removal process initiated
10:55 AM: Quarantining All Traces: visfx
10:55 AM: Quarantining All Traces: findthewebsiteyouneed hijacker
10:55 AM: Removal process completed. Elapsed time 00:00:05
10:55 AM: Processing Startup Alerts
10:55 AM: Allowed Startup entry: Windows Defender
********
10:18 AM: | Start of Session, Monday, February 20, 2006 |
10:18 AM: Spy Sweeper started
10:19 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
10:20 AM: | End of Session, Monday, February 20, 2006 |
Last edited by Redheaded : Feb 20th, 2006 at 2:43 pm. Reason: wrong stuff
DMR (Colleague, Wombat At Large)

  #7  
Feb 19th, 2006
Are you able to download from the Internet? If so:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Anti-malware (14 day free trial) - http://www.ewido.net/en/download/

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open your anti-virus program and make sure that it has the most current virus definitions installed. Again- don't scan yet, just close the program once it's updated.


>Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named "Windows Overlay Components" and double-click on it.
* In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.

> Run HijackThis again and have it fix the following entries:

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe

* Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

Windows Overlay Components


Close HijackThis after that.



> Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, check "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types". Close Explorer after that.

- Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK

- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


- Run your anti-virus, MS Antispyware, and ewido; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
* When the scan completes, click Next to automatically quarantine all detected items.
* Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.

> Open Windows Explorer again and search for the following files. Delete them if they still exist:

winlog.exe
C:\windows\winsysupd9.exe
C:\windows\winsysban9.exe
C:\WINDOWS\yvilktzA.exe
C:\WINDOWS\yvilktz.exe

> Empty your Recycle Bin and reboot normally.


> Run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
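The entries DMR asks HijackThis to fix above share a few traits that can be checked mechanically: autorun values that name a bare file with no path (`winlog.exe`), executables dropped straight into the Windows folder rather than a subfolder (`C:\WINDOWS\yvilktzA.exe`, the "Windows Overlay Components" service binary), the Win9x-era `RunServices` key, and start/search pages pointing at a host the owner never chose (the findthewebsiteyouneed entries in the first log in post #4). The following Python script is an added example, not code from this thread, from HijackThis or from Webroot: it parses the R/O lines of a HijackThis log, applies those triage heuristics, and diffs two logs to confirm what a cleanup actually removed. The sample excerpts are constructed from the logs posted in this thread, and the expected-host allowlist and the heuristic rules themselves are this example's assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpts modelled on the HijackThis logs posted in this thread.
# SAMPLE_AFTER omits two entries, like the poster's second scan did.
SAMPLE_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe
"""
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines()
    if "findthewebsiteyouneed" not in line and "gimmygames" not in line
)

# Hosts the owner expects in R0/R1 start/search settings (assumed allowlist).
EXPECTED_HOSTS = {"www.yahoo.com", "www.gateway.com", "go.microsoft.com"}

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
FIRST_EXE = re.compile(r"(.+?\.exe)", re.I)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "R1", "O4", "O23"
    body: str      # everything after "Rn - " / "On - "


def parse_hjt(text):
    """Return the R/O entries of a HijackThis log as Entry objects, in log order."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def target_path(entry):
    """Executable launched by an O4 autorun or O23 service entry, or None."""
    if entry.section == "O4":
        m = re.match(r".*?\[[^\]]*\]\s*(?P<cmd>.+)$", entry.body)
        if not m:               # Global Startup shortcuts have no [name] part
            return None
        cmd = m.group("cmd").strip()
    elif entry.section == "O23":
        cmd = entry.body.rsplit(" - ", 1)[-1].strip()
    else:
        return None
    if cmd.startswith('"'):     # quoted path: take up to the closing quote
        return cmd[1:].split('"', 1)[0]
    m = FIRST_EXE.match(cmd)    # unquoted: up to the first ".exe" keeps spaces in paths
    return m.group(1) if m else cmd.split()[0]


def url_host(body):
    """Hostname of the URL on the right of ' = ' in an R0/R1 entry, or None."""
    _, sep, value = body.partition(" = ")
    return urlsplit(value.strip()).hostname if sep else None


def flag_entries(text, expected_hosts):
    """Return [(entry, [reason, ...])] for entries that trip a triage heuristic."""
    flagged = []
    for e in parse_hjt(text):
        reasons = []
        if e.section in ("R0", "R1"):
            host = url_host(e.body)
            if host and host.lower() not in expected_hosts:
                reasons.append(f"start/search setting points at unexpected host {host}")
        if e.section == "O4" and "RunServices" in e.body:
            reasons.append("RunServices key: Win9x-era autorun, rarely legitimate on XP")
        path = target_path(e)
        if path is not None:
            if "\\" not in path:
                reasons.append("bare filename, no path (resolved through the search path)")
            elif WINDOWS_ROOT_EXE.match(path):
                reasons.append("executable sits directly in the Windows folder, not a subfolder")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def diff_logs(before, after):
    """Entries that disappeared and that appeared between two scans, in log order."""
    b, a = parse_hjt(before), parse_hjt(after)
    a_set, b_set = set(a), set(b)
    return [e for e in b if e not in a_set], [e for e in a if e not in b_set]


if __name__ == "__main__":
    for entry, reasons in flag_entries(SAMPLE_BEFORE, EXPECTED_HOSTS):
        print(f"{entry.section} - {entry.body}\n    " + "; ".join(reasons))
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("\nremoved by cleanup:", *(f"\n  {e.section} - {e.body}" for e in removed))
    print("newly appeared:", *([f"\n  {e.section} - {e.body}" for e in added] or [" none"]))
```

The flags are triage hints, not verdicts: the legitimate `[ATIModeChange] Ati2mdxx.exe` value is flagged for its bare filename just like `winlog.exe`, and the `[outlook]` entry DMR removed trips no path rule at all, because it hides under `C:\Program Files` with a plausible name. That is why the diff function matters as much as the heuristics: comparing the log before a fix with the one after (here, the first two logs in post #4) shows exactly which entries went away and whether anything new appeared, which is the check a helper makes before declaring a machine clean.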
Redheaded

  #8  
Feb 20th, 2006
The Ewido is the one that seems too large. Let me know if there is any other way to send it.

Here is the HijackThis log...

-------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:03:37 AM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\virus tools\ewido anti-malware\ewidoctrl.exe
C:\Program Files\virus tools\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\virus tools\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB886903-X86.exe
C:\WINDOWS\TEMP\SL3.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\virus tools\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\virus tools\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
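Reading a HijackThis log by eye is error-prone, so as an added example (not part of this thread, and not HijackThis's own code) the Python below parses entry lines of the kind shown above, pulls the launched file out of O4 Run keys and O23 services, and flags what a helper checks first: a `(file missing)` service, an 8.3 short-name path such as `PROGRA~1` that must be expanded before the file can be inspected, and a Run entry that gives no absolute path at all. The regexes are my own and assume only the line shapes visible in this log; the sample lines are copied from it.

```python
import re
# Constructed sample: a few lines copied from the HijackThis log above, not a full log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")                 # "O4 - <body>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")  # HKLM\..\Run: [name] cmd
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<rest>.*)$")
# First absolute Windows path ending in a loadable extension; quotes and trailing arguments are dropped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk|scr|cpl)', re.IGNORECASE)

def extract_path(text):
    m = PATH_RE.search(text)
    return m.group(0) if m else None

def parse_entry(line):
    """Parse one HijackThis entry line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "name": None, "path": None, "flags": []}
    target = body
    sub = RUN_RE.match(body) if code == "O4" else SVC_RE.match(body) if code == "O23" else None
    if sub:
        entry["name"] = sub.group("name")
        target = sub.group("cmd") if code == "O4" else sub.group("rest")
    entry["path"] = extract_path(target)
    # Triage flags: HijackThis found no file on disk; the path uses 8.3 short names (PROGRA~1)
    # and must be expanded before the file is inspected; or no absolute path is given at all.
    if "(file missing)" in body:
        entry["flags"].append("file_missing")
    if entry["path"] and re.search(r"~\d", entry["path"]):
        entry["flags"].append("dos83_path")
    if code in ("O4", "O23") and entry["path"] is None:
        entry["flags"].append("no_absolute_path")
    return entry

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def flagged(entries):
    return [e for e in entries if e["flags"]]
```

Running `flagged(parse_log(SAMPLE_LOG))` on the sample returns the bare-name ATIModeChange entry, the short-path avast! entry and the file-missing Mail Scanner service; the other lines parse cleanly with no flags.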
DMR

Re: trojans...now nothing opens and I get a paint can't open error

  #9  
Feb 20th, 2006
Originally Posted by Redheaded
The Ewido is the one that seems too large. Let me know if there is any other way to send it.
Ewido logs usually fit into a post, but our posts do have a size limit. Paste the first half of the ewido log into one post and paste the second half into a second, consecutive post.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Redheaded

Re: trojans...now nothing opens and I get a paint can't open error

  #10  
Feb 20th, 2006
I tried that; I think it would have to be 10 different posts. I will try again.
©2003 - 2008 DaniWeb® LLC