
Hijack this Log Please help diagnose



#1 lsj0302


Posted 07 May 2005 - 05:12 PM

I have an odd thing that has been going on with my computer for some time.

When I start it up (XP) and go to my user name I get a window that says:

"Application has generated an exception that could not be handled. Process id=Ox24c(588), Thread id=Ox658(1624). Click ok to terminate the application. Click cancel to debug."

I am not certain if the numbers in the process and thread ids are zeros or the letter O. I am not able to debug. So I click ok.

The process and thread ids change, and are not always the same.

Eventually I have to restart the computer because I cannot access Outlook Express or the Internet....the system just says "connecting" and it never does.

It was suggested I use an online scan.

I use Spybot Search and Destroy and Ad-Aware pretty regularly. I use AVG for anti-virus. I tried the Pandascan, and got a very long list of problems. Only a few could be disinfected. I saved the report to my desktop and here is what it looks like:
Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\adcache
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Gain Publishing
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\susp.???
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/SideStep No disinfected Windows Registry
Adware:Adware/TopSearch No disinfected C:\Program Files\kazaa\topsearch.dll
Adware:Adware/P2PNetworking No disinfected Windows Registry
Virus:Trj/WmvDownloader.A Disinfected C:\My Shared Folder\J-Kwon - Hood Hop - 3 - Tipsy.wma
Virus:Trj/WmvDownloader.A Disinfected C:\My Shared Folder\Maroon5 - This Love - Songs About Jane - 2.wma
Adware:Adware/TopSearch No disinfected C:\Program Files\Kazaa\TopSearch.dll
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\a.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\b.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ba.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\be.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bf.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bg.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bh.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bi.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bj.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bk.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bo.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bp.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\br.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bt.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\by.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\c.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ca.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\ce.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cf.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cg.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ch.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ci.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cj.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ck.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cn.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\co.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cp.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cr.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cs.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\ct.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cx.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\d.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\da.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\db.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\de.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\df.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\di.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dm.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dp.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dr.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ds.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dt.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\du.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dx.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dy.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ed.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\f.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\h.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\i.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\j.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\l.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\m.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\Main.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\n.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\p.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\q.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\r.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\s.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\t.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\u.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\w.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\x.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\y.class
Adware:Adware/WurldMedia No disinfected C:\Program Files\MySearch\bar\s4Setp.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\bi1.inf
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\INF\susp.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\susp.ini
Virus:W32/Spybot.MA.worm Disinfected C:\WINDOWS\SYSTEM32\MSGinaV.bad
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\SYSTEM32\ntdel\staff.html
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\SYSTEM32\ntdel\x.bat
Virus:Trj/Multidropper.ADD Disinfected C:\WINDOWS\SYSTEM32\tdbOs.dll

Then it was suggested I try Hijack this and send it in in this forum. Here is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:38 PM, on 5/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=17
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\stephanie\local settings\temp\fsg_4203.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thank you very much for any help.


 


#2 OldTimer


    Malware Expert



Posted 08 May 2005 - 04:28 PM

Hello lsj0302 and welcome to the BC forums. Most of what you see in the scan report is related directly to P2P file-sharing programs. Some of these include advertising programs built in to them and so that is the result you get. If you would like to remove that then you must uninstall those apps.

I see that you have both P2P Networking, Kazaa and Limewire installed. Both of these programs are known to install advertising components on your computer. I recommend that you remove them by:
  • Click Start.
  • Click Control Panel.
  • Double-click Add or Remove Programs.
  • Look in the Currently installed programs box for each program listed below and if it is there:
  • Click on it to select it.
  • Click Change (or Change/Remove) button.
  • If you are prompted to confirm the removal of the program, click Yes.
P2P Networking
LimeWire (and any Limewire related components)
Kazaa
NewDotNet (if installed)

Next, start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\stephanie\local settings\temp\fsg_4203.exe"

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\system32\P2P Networking\ <--folder
C:\Program Files\LimeShop\ <--folder
C:\Program Files\LimeWire\ <--folder
C:\Program Files\kazaa\ <--folder

You can also delete all files found in the scans that were not removed.

Note: If you receive any error messages while trying to delete any of the above files/folders then reboot into Safe Mode and try to delete them again. See the instructions below on how to boot into Safe Mode.

If needed, start in Safe Mode Using the F8 method:
  • Restart the computer in Safe Mode.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
If you booted into Safe Mode, boot normally and download CCleaner and install it.
Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

That's it! Most of the items that were listed are not showing in the log. Only that one item that we removed so it all boils down to if you want to run the file-sharing programs or not. If so, then by using them you will have most of those items replaced if you remove them.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
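
An added example, not part of OldTimer's reply or of HijackThis itself: a short Python triage of the O4 autorun lines from the log above. It flags entries that launch from a temp directory (a heuristic assumed by this example) and entries that point into one of the folders the reply lists for deletion; the function and constant names are hypothetical.

```python
import re
from typing import List, NamedTuple

# Constructed sample: four O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\stephanie\local settings\temp\fsg_4203.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
'''

# Folders the reply lists for manual deletion.
REMOVAL_FOLDERS = [
    r"C:\WINDOWS\system32\P2P Networking",
    r"C:\Program Files\LimeShop",
    r"C:\Program Files\LimeWire",
    r"C:\Program Files\kazaa",
]

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Assumption of this example: a Run entry under a temp directory deserves review.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Unquoted commands may contain spaces, so cut at the first program extension.
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


class Finding(NamedTuple):
    hive: str
    name: str
    path: str
    reasons: List[str]


def executable(command: str) -> str:
    """Return the program path from a Run value, quoted or unquoted.

    For rundll32-style entries this returns the launcher, not the DLL argument.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = PROGRAM.match(command)
    return match.group(1) if match else command.split()[0]


def triage(log_text: str, removal_folders: List[str]) -> List[Finding]:
    """Flag O4 Run entries in a temp directory or inside a folder being removed."""
    folders = [f.lower().rstrip("\\") + "\\" for f in removal_folders]
    findings = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue  # not a registry Run entry (e.g. "O4 - Global Startup")
        hive, _key, name, command = match.groups()
        path = executable(command)
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("runs from a temp directory")
        if any(path.lower().startswith(f) for f in folders):
            reasons.append("inside a folder listed for deletion")
        if reasons:
            findings.append(Finding(hive, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, REMOVAL_FOLDERS):
        print(f"{f.hive} [{f.name}] {f.path}: {', '.join(f.reasons)}")
```

An entry flagged as "inside a folder listed for deletion" would leave a dangling Run value if the folder were deleted without uninstalling the program first.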
