Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis log: Please Help Diagnose


  • Please log in to reply
7 replies to this topic

#1 bsbllplaya538

bsbllplaya538

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 04 June 2005 - 10:59 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:44:01 AM, on 6/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\temp\salm.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Pvbakq\Qctl.exe
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://58
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://58
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8082
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: Yaya Show BB - {29F7B7FA-ADC8-48ea-9E1C-EA87A05AE642} - C:\WINDOWS\System32\sbb.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8C58184C-80AD-8020-D33F-871D85494094} - C:\WINDOWS\system32\nvbvzapm.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: - {A9394C0C-267E-4D6B-931B-DB31831904F1} - C:\WINDOWS\lbbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: - {C8811283-E3E6-4F53-AF28-55CCF09A318E} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {DB64B2EB-7A01-7AD1-7D55-71C2B85E4694} - C:\WINDOWS\system32\hmvq.dll (file missing)
O2 - BHO: (no name) - {EFAC9B06-09B8-0737-92FB-5B3027102592} - C:\WINDOWS\system32\gmy.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lot] C:\WINDOWS\lot.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Cbbblr] C:\Program Files\Pvbakq\Qctl.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip.com/deliver/usa/ms.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

BC AdBot (Login to Remove)

 


#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:50 AM

Posted 04 June 2005 - 02:15 PM

Welcome bsbllplaya538 to Bleeping Computer.

I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

· From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76.exe.
· Download and save uninstall6_76.exe to Local Disc C
· Click on Start.
· Click on Run.
· In the Open window type, C:\uninstall6_76.exe.
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot if not prompted.


***

Post back a fresh scanlog using HijackThis.

Also do this please:
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.


Posted Image
Life is what happens while you're making other plans

#3 bsbllplaya538

bsbllplaya538
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 05 June 2005 - 09:12 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:09:21 AM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\TEMP\SpGadhz1.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\temp\salm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pvbakq\Qctl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\AIM\aim.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://58
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://58
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8082
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: Yaya Show BB - {29F7B7FA-ADC8-48ea-9E1C-EA87A05AE642} - C:\WINDOWS\System32\sbb.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8C58184C-80AD-8020-D33F-871D85494094} - C:\WINDOWS\system32\nvbvzapm.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: - {A9394C0C-267E-4D6B-931B-DB31831904F1} - C:\WINDOWS\lbbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: - {C8811283-E3E6-4F53-AF28-55CCF09A318E} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {DB64B2EB-7A01-7AD1-7D55-71C2B85E4694} - C:\WINDOWS\system32\hmvq.dll (file missing)
O2 - BHO: (no name) - {EFAC9B06-09B8-0737-92FB-5B3027102592} - C:\WINDOWS\system32\gmy.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lot] C:\WINDOWS\lot.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Cbbblr] C:\Program Files\Pvbakq\Qctl.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip.com/deliver/usa/ms.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

^That is the fresh scan log...

And Here is the Unistall list:

Active Alert
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe PhotoDeluxe Home Edition 4.0
After Dark Games
AIM Toolbar
AOL Instant Messenger
Application Verifier Database
Avance AC'97 Audio
AviSynth 2.5
Britannica 2002 Standard Edition
BroadJump Client Foundation
Casino Kingdom
CC_ccProxyExt
ccCommon
ccPxyCore
Compatibility Administrator 3.0
DivX Player
DivX Pro Trial
EarthLink Accelerator
EarthLink FastLane
EarthLink TotalAccess 2004
Google Toolbar for Internet Explorer
Hallmark Card Studio
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Improvement 1-2-3
iMesh 5
iMesh Bar
Internet Optimizer
InterVideo Installer
InterVideo WinDVD
iPod Update 2004-04-28
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Lemonade Tycoon 2 (remove only)
Lernout & Hauspie TruVoice for Microsoft Agent
Lexmark Supplies Monitor
Lexmark Z23-Z33
LimeWire 4.6.0
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lotus SmartSuite Release 9.5
MasterCook 6: Deluxe Edition
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Application Compatibility Analyzer 1.0
Microsoft Broadband Networking
Microsoft Data Access Components KB870669
Microsoft Windows Journal Viewer
Mobile Media Maker (PSP) Demo 1.0
MSRedist
NetMedia 2.1
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
NVIDIA Display Driver
NVIDIA Drivers
OIN
P2P Networking
Pacific Poker
PlayTV Pro
PSP Video 9 1.37
QuickTime
Radio@Netscape Plus
RelevantKnowledge
Royal Vegas Poker
ShopAtHomeSelect Cash Back
SideStep
Sierra Utilities
Software Update Manager
SPBBC
Symantec Script Blocking Installer
SymNet
The Complete Reference Collection 1998
TI Connect™ 1.3
TopText iLookup
Ulead Photo Express 4.0 My Scrapbook Edition
Uninstall 180search Assistant
Universal Boxing Manager
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Web Offer
WebRebates (by TopRebates.com)
WebSearc
WildTangent Web Driver
Windows Application Verifier 2.50
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Related
Windows XP Service Pack 2
WinMX
WinPcap 3.1 beta3
WinPoET v4.0
Win-Tools Easy Installer (by WebSearch)
WinZip
WONswap
WSEM Update
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

#4 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:50 AM

Posted 05 June 2005 - 09:30 AM

Well, let's get started.

Follow these removal instruction to remove iMesh from your computer (Before proceeding, you should move any documents in iMesh folder that you wish to keep):1. Click Start > Settings > Control Panel, and double-click Add/Remove Programs.
2. Scroll down the list till you find the iMesh entry. Then click Remove or Change/Remove. Follow the on screen instruction to finish the uninstallation automatically.
3. Open the Program Files directory and delete the iMesh folder along with all the files within it.
4. Return to Add/Remove Programs in the Control Panel and locate iMesh ads support.
5. Select iMesh ads support and click Change/Remove.
***

Reboot the computer.

***

Open HijackThis.
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Internet Optimizer
P2P Networking
Royal Vegas Poker
ShopAtHomeSelect Cash Back
SideStep
TopText iLookup
Uninstall 180search Assistant
Web Offer
WebRebates (by TopRebates.com)
WebSearc
Win-Tools Easy Installer (by WebSearch)
Press ‘delete this entry’ for each item.
Close HijackThis.

Reboot the computer.

***

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/

Find and doubleclick the file cleanup.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, log off and log on again. This will remove files that were in use during the scan.

***

Please do an online scan, 2 would be better,

Trend Micro Housecall
Panda online scan

Make sure that you choose "fix" or "clean".

***

Post back in this topic with a fresh log using HijackThis.


Posted Image
Life is what happens while you're making other plans

#5 bsbllplaya538

bsbllplaya538
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 06 June 2005 - 09:41 PM

Thanks a lot for your help so far your info has been very helpful, the Cleanup program got rid of 3.9GB! Haha

Well heres the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:05 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\temp\salm.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Pvbakq\Qctl.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\AIM\aim.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: Yaya Show BB - {29F7B7FA-ADC8-48ea-9E1C-EA87A05AE642} - C:\WINDOWS\System32\sbb.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8C58184C-80AD-8020-D33F-871D85494094} - C:\WINDOWS\system32\nvbvzapm.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: - {A9394C0C-267E-4D6B-931B-DB31831904F1} - C:\WINDOWS\lbbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: - {C8811283-E3E6-4F53-AF28-55CCF09A318E} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {DB64B2EB-7A01-7AD1-7D55-71C2B85E4694} - C:\WINDOWS\system32\hmvq.dll (file missing)
O2 - BHO: (no name) - {EFAC9B06-09B8-0737-92FB-5B3027102592} - C:\WINDOWS\system32\gmy.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lot] C:\WINDOWS\lot.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Cbbblr] C:\Program Files\Pvbakq\Qctl.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6596829B-37D4-40AD-971B-1E9041725C52} - http://www.direct-ip.com/deliver/usa/ms.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

#6 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:50 AM

Posted 07 June 2005 - 01:59 AM

Did you remove all off these:
Internet Optimizer
P2P Networking
Royal Vegas Poker
ShopAtHomeSelect Cash Back
SideStep
TopText iLookup
Uninstall 180search Assistant
Web Offer
WebRebates (by TopRebates.com)
WebSearc
Win-Tools Easy Installer (by WebSearch)

and reboot the system?

There's so much left behind...


Posted Image
Life is what happens while you're making other plans

#7 bsbllplaya538

bsbllplaya538
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 08 June 2005 - 07:44 PM

yes i did, but they keep comign back. On the scan i did a trend micro it came up with 7 viruses, but couldn't clean them. Im not sure why, some said that they were in use.

#8 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:50 AM

Posted 09 June 2005 - 04:06 AM

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Disable system restore:
Click Start > Programs > Accessories > Windows Explorer
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply
As noted in the message, this will delete all existing restore points. Click Yes to do this.
Click OK.

***

Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.


Please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.


Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops.biz/modules.php?name=F...ownload&id=3002
http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip


Download CW-Shredder.


Download the Killbox.
In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.


Download CleanUp!.
If that doesn’t work, use this link.


Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:

Important Step
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

WebSeach Toolbar support NT service

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. I

Repeat this for this service:
WinTools for IE service

***

Open HijackThis to the misc tools section and click the Delete an NT Sevice button. Paste in ¸
TBPSSvc
and click OK.

Repeat this for:
WinToolsSvc

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll

O2 - BHO: Yaya Show BB - {29F7B7FA-ADC8-48ea-9E1C-EA87A05AE642} - C:\WINDOWS\System32\sbb.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {8C58184C-80AD-8020-D33F-871D85494094} - C:\WINDOWS\system32\nvbvzapm.dll

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)

O2 - BHO: - {A9394C0C-267E-4D6B-931B-DB31831904F1} - C:\WINDOWS\lbbho.dll

O2 - BHO: - {C8811283-E3E6-4F53-AF28-55CCF09A318E} - C:\WINDOWS\lbbho.dll

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll

O2 - BHO: (no name) - {DB64B2EB-7A01-7AD1-7D55-71C2B85E4694} - C:\WINDOWS\system32\hmvq.dll (file missing)

O2 - BHO: (no name) - {EFAC9B06-09B8-0737-92FB-5B3027102592} - C:\WINDOWS\system32\gmy.dll (file missing)

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)

O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain

O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C

O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [lot] C:\WINDOWS\lot.exe

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [Cbbblr] C:\Program Files\Pvbakq\Qctl.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot

O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll

O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Click "Fix Checked". Close HijackThis

***

Use Windows Explorer to remove these folders:

C:\PROGRA~1\COMMON~1\WinTools\

C:\Program Files\Viewpoint\

C:\WINDOWS\system32\P2P Networking\

c:\program files\altnet\

C:\Program Files\Media Access\

C:\Program Files\Internet Optimizer\

C:\PROGRAM FILES\Toolbar\

C:\Program Files\Pvbakq\

C:\Program Files\Web_Rebates\

C:\Program Files\MyWebSearch\

Close Windows Explorer when you are done.

***

Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Open the Notepad file where you saved the file paths earlier.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C


C:\WINDOWS\system32\stlb2.dll
C:\WINDOWS\system32\E6F1873B.DLL
c:\temp\salm.exe
C:\WINDOWS\lot.exe
C:\WINDOWS\system32\ap9h4qmo.exe


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Run AboutBuster. This will scan your computer for the bad files and delete them.
Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

***

Scan with AdAware SE 1.06 and let it remove any bad (red) files found.

***

Run Cleanup!
Go to options
Select ‘custom’
Put a check to:* empty recycle bins
* delete prefetch files
* CleanUp! All users.
Press 'cleanup!'

Once it's done, press Close.

Reboot back to safe mode again.

***

Double click on the cwsserviceremove and when asked to merge say yes.

***

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

***

Reboot into normal mode.

***

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

***

Run this online virus scan: ActiveScan - Save the results from the scan!

***

Post a new HiJackThis log along with the results from ActiveScan.


Posted Image
Life is what happens while you're making other plans




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users