Okie dokie, so I've been making a really concerted effort to get the malware off of this computer and I think I'm making headway, but it is not there yet.
For a long time, I have been unable to update my Windows XP Media Center. I am not even on Service Pack 2 yet.
This has made it difficult to run some new software and malware is now blocking me from even loading the update.microsoft.com page.
Before the malware problem got as bad as it is, I was able to hit update.microsoft.com, but the system just died every time I attempted to install an update.
I have tried downloading the exe file from microsoft.com for "if your update does not work automatically" on another comp and copying it on a card over to the problem one, but this does not work.
In addition, I can't install the new IE 8 and I can't entirely remove the old IE 6. I have used the Control Panel uninstall Windows Components, but the files are still on my drive and iexplore.exe is often running in Task Manager, no matter how often I close it from there. I have tried manually deleting the files, yet they reappear. I have tried going through regedit and manually deleting anything which remotely referred to IE, although one key I think reappears when I do this. Regardless, the files reappear and I cannot upgrade to the current version.
This week the system installed the AntiVirus 2008 infection when I was not even seated at the computer and, for some time, it has periodically started popping up adverts. It also did the search engine redirect infection at about the same time this week. It is not currently popping ads and I think I got the AntiVirus 2008 scraped off of there. The redirect infection definitely appears to be fixed. Since getting rid of the most obvious offenders in the malware dept, here is what I've run without quite managing to 100% fix the machine:
I ran VundoFix and it did not find anything, although it had found Vundo and removed it in the past. I'm not positive I used the most current version of this, but everything else I know I used the current version.
I ran AdAware and, at first, the system kept crashing trying to run it. Finally got it to run by unchecking the autorepair. Ran thorough scan. It found a lot of stuff, but the system was still running crazy slow after removals, IE was still appearing to be running in Task Manager and could not be deleted, and still could not hit Microsoft update or download pages.
SpyBot keeps finding registry values trying to change themselves when I'm not even on that machine. I keep telling it to Deny.
I ran MBAM quick scan and it found 44 more things AdAware had not. System started behaving much more properly after this. Ran MBAM thorough scan and did not find anything additional.
Ran Stinger and it seemed to think it found a bunch of stuff and quarantined it, but I think it was just finding old things in compressed files in the trash of an archived copy of Netscape, not anything which was really currently acting on the machine. I let it do its thing anyway.
TrendMicro Housecall found some vestiges of Vundo and another Trojan first time through.
And here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:32 PM, on 9/6/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3
SSRP\E_S40RP7.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Forrest Black\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = sas.we1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage",
"http://lifeofvice.com/tgp.html"); (C:\Program
Files\Netscape\Users\affiliates\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1ebbdfb7-9917-4ca0-a930-592b19c552d1} - (no file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -
Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {993DC475-77D7-4C70-8956-A9A5E66511E1} - (no file)
O2 - BHO: (no name) - {9CF9F87A-AF6D-4C23-BAC7-4E59FBBDE040} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update
2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet
Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program
Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program
Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
"C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program
Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program
Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" /FU
"C:\WINDOWS\TEMP\E_SA7D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Radio365Agent]
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Forrest
Black\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
/c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program
Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program
Files\GretagMacbeth\i1\Eye-One Match
3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program
Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My
Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Copy to Semagic - C:\Program
Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Write a Review... -
http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot -
Search & Destroy\SDHelper.dll
O9 - Extra button: Privacy protector monitor -
{52F18EF2-6030-4DD8-9B21-2B09A0959C2D} - (no file) (HKCU)
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O20 - Winlogon Notify: hggheee - hggheee.dll (file missing)
O20 - Winlogon Notify: vtuvuvw - vtuvuvw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother
Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program
Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Application
Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common
Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation -
C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program
Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program
Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service -
Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO
Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony
Corporation - C:\Program Files\Common Files\Sony Shared\VAIO
Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony
Corporation - C:\Program Files\Common Files\Sony Shared\VAIO
Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony
Corporation - C:\Program Files\Common Files\Sony Shared\VAIO
Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server
(VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP)
(VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation -
C:\Program Files\Sony\vaio media integrated
server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP)
(VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation -
C:\Program Files\Sony\vaio media integrated
server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server
(VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program
Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program
Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
--
End of file - 15680 bytes
My apologies that some of these lines wrap, but I had to email the log to myself on another computer, as the infected one does not want to go to BleepingComputer.com. It is like the malware knows BleepingComputer.com shall destroy it.
Hello, affkatt.
to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.
If you would still like help, please post a new HiJack This log below, as things may have changed on your system.
If you do not still need help, please let me know, so that I can move on to other users who still need help.
Please take note of the following:
Billy3
to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.
If you would still like help, please post a new HiJack This log below, as things may have changed on your system.
If you do not still need help, please let me know, so that I can move on to other users who still need help.
Please take note of the following:
- While a HJT Team member is working with you, please refrain from making any changes to your computer.
- Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Please reply using the
button in the lower left hand corner of your screen. - Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished"
.
Billy3
Hi Billy, thanks Computer is running faster than when I started this process. It is somewhat usable, although there is a lot of software I still can't install without upgrading to a newer service pack for Windows. I can hit sites like bleepingcomputer.com and the update.microsoft.com site from FireFox now, which I could not before. I did not want to attempt to open the reanimator Internet Explorer to do an actual Windows Update though yet, as every time I have had something (like installing Quicken for example) open IE over the past couple years, my computer immediately got tons of adware plus some more hostile malware on it.
So it would be great if you could see what infections it looks like I might still have and help me eradicate the corrupt IE, so I can install a proper new one. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:01 PM, on 9/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Allaire\HomeSite 4.5\homesite45.exe
C:\Documents and Settings\Forrest Black\Local Settings\Application Data\Spaz\Spaz.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\FORRES~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\FORRES~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\GlobalSCAPE\CuteFTP Professional\cuteftppro.exe
C:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe
C:\PROGRA~1\NORTON~2\Navw32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.we1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lifeofvice.com/tgp.html"); (C:\Program Files\Netscape\Users\affiliates\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1ebbdfb7-9917-4ca0-a930-592b19c552d1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {993DC475-77D7-4C70-8956-A9A5E66511E1} - (no file)
O2 - BHO: (no name) - {9CF9F87A-AF6D-4C23-BAC7-4E59FBBDE040} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" /FU "C:\WINDOWS\TEMP\E_SA7D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Forrest Black\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Privacy protector monitor - {52F18EF2-6030-4DD8-9B21-2B09A0959C2D} - (no file) (HKCU)
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O20 - Winlogon Notify: hggheee - hggheee.dll (file missing)
O20 - Winlogon Notify: vtuvuvw - vtuvuvw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
--
End of file - 16348 bytes
Computer is running faster than when I started this process. It is somewhat usable, although there is a lot of software I still can't install without upgrading to a newer service pack for Windows. I can hit sites like bleepingcomputer.com and the update.microsoft.com site from FireFox now, which I could not before. I did not want to attempt to open the reanimator Internet Explorer to do an actual Windows Update though yet, as every time I have had something (like installing Quicken for example) open IE over the past couple years, my computer immediately got tons of adware plus some more hostile malware on it. So it would be great if you could see what infections it looks like I might still have and help me eradicate the corrupt IE, so I can install a proper new one. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:01 PM, on 9/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Allaire\HomeSite 4.5\homesite45.exe
C:\Documents and Settings\Forrest Black\Local Settings\Application Data\Spaz\Spaz.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\FORRES~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\FORRES~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\GlobalSCAPE\CuteFTP Professional\cuteftppro.exe
C:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe
C:\PROGRA~1\NORTON~2\Navw32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueblood.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.we1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lifeofvice.com/tgp.html"); (C:\Program Files\Netscape\Users\affiliates\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1ebbdfb7-9917-4ca0-a930-592b19c552d1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {993DC475-77D7-4C70-8956-A9A5E66511E1} - (no file)
O2 - BHO: (no name) - {9CF9F87A-AF6D-4C23-BAC7-4E59FBBDE040} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" /FU "C:\WINDOWS\TEMP\E_SA7D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Forrest Black\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Privacy protector monitor - {52F18EF2-6030-4DD8-9B21-2B09A0959C2D} - (no file) (HKCU)
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O20 - Winlogon Notify: hggheee - hggheee.dll (file missing)
O20 - Winlogon Notify: vtuvuvw - vtuvuvw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
--
End of file - 16348 bytes
Hello, affkatt.
Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.
You appear to have a Registry Cleaner installed!
The following is referring to Uniblue Registry Booster 2
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.
We need to disable SpyBot Search and Destroy's "Tea Timer"
We have to remove some entries in HiJack This
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Check the "Scan All Users" and "Include MD5" checkboxes at the top of the window. Do not change any other settings. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Save the file to your desktop or other location where you can find it back. Use the Add Reply button and attach the file in your next post.
In your next reply, please include the following:
Billy3
Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.
You appear to have a Registry Cleaner installed!
The following is referring to Uniblue Registry Booster 2
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
- Registry tools can cause irreparable damage to your Operating System
- Registry tools can, as a result of the above, render your pc to be inoperable.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.
We need to disable SpyBot Search and Destroy's "Tea Timer"
- Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
- On the left hand side, click on Tools, then click on the Resident Icon in the list.
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- Click on the "System Startup" icon in the List
- Uncheck the "TeaTimer" box and "OK" any prompts.
- If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
- Exit/Close Spybot S&D when done.
We have to remove some entries in HiJack This
- Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lifeofvice.com/tgp.html"); (C:\Program Files\Netscape\Users\affiliates\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1ebbdfb7-9917-4ca0-a930-592b19c552d1} - (no file)
O2 - BHO: (no name) - {993DC475-77D7-4C70-8956-A9A5E66511E1} - (no file)
O2 - BHO: (no name) - {9CF9F87A-AF6D-4C23-BAC7-4E59FBBDE040} - (no file)
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Privacy protector monitor - {52F18EF2-6030-4DD8-9B21-2B09A0959C2D} - (no file) (HKCU)
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O20 - Winlogon Notify: hggheee - hggheee.dll (file missing)
O20 - Winlogon Notify: vtuvuvw - vtuvuvw.dll (file missing) - Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE : If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose Select All from the list.
- Close ALL Internet browsers (very important).
- Click the Empty Selected button.
- NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
- Close ALL OTHER PROGRAMS.
- Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
- In the Drivers section click on Non-Microsoft.
- In the Rootkit Search area select Yes
- Under Additional Scans click the checkboxes in front of the following items to select them:
- Reg - BotCheck
Reg - Disabled MS Config Items
Reg - File Associations
Reg - Uninstall List
File - Additional Folder Scans
In your next reply, please include the following:
- OTScanIt Report
Billy3
Thanks very much. Before I start on these steps, can you advise me of what I'd be removing with the HiJack steps please? No idea what the no name registry entries are. Do have ICQ on this machine but use Trillian. Not sure if ICQVideo has anything to do with ICQ. The Netscape homepage is not malware and I do use Alexa, although I've never written an Alexa review so I'm not sure if that is really part of Alexa or not.
Will the new scans and removals help to remove the infected install of IE?
Thanks again.
Will the new scans and removals help to remove the infected install of IE?
Thanks again.
Most of these entries are simply cleaning up mess... things left over after botched uninstalls of applications, or things left over from anti-malware tools that left things on your system.
A more in-depth explanation of each type of HiJack This line can be found here:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
This will not be reinstalling internet explorer yet, first I have to be sure your computer is free of malware. Otherwise any repairs we do will simply be broken again.
Alexa is a data mining agent; it is considered to be malware by many. The ICQ line is an orphan. The homepage we can restore if need be later, but for now please check the line.
Billy3
A more in-depth explanation of each type of HiJack This line can be found here:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
This will not be reinstalling internet explorer yet, first I have to be sure your computer is free of malware. Otherwise any repairs we do will simply be broken again.
Alexa is a data mining agent; it is considered to be malware by many. The ICQ line is an orphan. The homepage we can restore if need be later, but for now please check the line.
Billy3
Hello, affkatt.
Are you still here?
Billy3
Are you still here?
Billy3
Hello, affkatt.
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please send me or another moderator a PM.
Everyone else please begin a new topic.
Billy3
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please send me or another moderator a PM.
Everyone else please begin a new topic.
Billy3
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.