
Please let me know what needs to be deleted.

8 replies to this topic

#1 sriggan


Posted 24 June 2005 - 04:38 PM

I am trying to help out a family member to clean up their computer. Please tell me what needs to be deleted. They have all kinds of spyware that AdAware will not delete for some reason. Thanks in advance for the help.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:44:20 PM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Toolbar\tbps.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\Patricia King\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IM] C:\PROGRA~1\EARTHL~3\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...er3/install.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


#2 H@ns


Posted 25 June 2005 - 08:42 AM

1. Run this online virus scan (make sure “Auto Clean” is checked):
- http://housecall.trendmicro.com/housecall/start_corp.asp

2. Please download, install, update and scan your system with the free version of Ewido trojan scanner: http://www.ewido.net/en/download/
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Save this log to your desktop.
3. Reboot your system, make a HijackThis log, and post it here, as well as the log from the Ewido scan.

#3 sriggan


Posted 25 June 2005 - 04:41 PM

Thanks so much for your help with this.

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 5:37:58 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\TEMP\OfBVH4HM.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Patricia King\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IM] C:\PROGRA~1\EARTHL~3\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...er3/install.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:40:16 PM, 6/25/2005
+ Report-Checksum: 39DFEF3D

+ Date of database: 6/25/2005
+ Version of scan engine: v3.0

+ Duration: 32 min
+ Scanned Files: 70154
+ Speed: 35.99 Files/Second
+ Infected files: 49
+ Removed files: 49
+ Files put in quarantine: 49
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\patatack@earthlink.net\Cookies\patricia king@mywebsearch[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@35487201[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@bannerspace[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@buy.rpts[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@dcsklxjd7oifwzramfu7ehxd9_2j2f[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@ehg-dig.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@guide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@link[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@mywebsearch[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@network[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@newsobserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@realguide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@websearch[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@www.affiliatefuel[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Earthlink\6.0\thirdking@earthlink.net\Cookies\patricia king@www.newsobserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\0476eb7533fd188aec8cac697363c1ef -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\0f658b01ad3790bc6f28655cbc50c191 -> Spyware.Gain.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\18070a7aa4f031b69c4b60c807ed48e8 -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\278fa368d2450ef979824be99feb74cf -> Spyware.Gator -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\3862a81d828fa452f7667016d6e6251d -> Spyware.WildTangent.b -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\3cb56c2bca95d2a6f834d455c8e42371 -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\42e20d41b230193caaab76dd1015ede6 -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\5ca877d048bb99fbefa644b088998e30 -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\5e65c8bad76eb6d2f4675f5947613903 -> Spyware.Gator -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\7564d0315fc7ef81c2590a77d67a4f61 -> Spyware.Gator -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\967033e4665a24d0c5fd4e354fe8432c -> Spyware.WildTangent.b -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\a33e5fc8befbb6aa0092b8e82946994e -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\b37141d82fb035c1b81c9f81d120e89c -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\b85d63cc4c2681ea80ce12941392a517 -> Spyware.MyWebSearch -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\eaeba9066d76db9ed1d5af254ccba2b5 -> Spyware.Claria -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\ed2a338a3f321adddc37bad6227b2892 -> Spyware.MyWebSearch -> Cleaned with backup
C:\Documents and Settings\Patricia King\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\fe8f6908af37c0c05d97a9e02f031171 -> Spyware.Gator.6041 -> Cleaned with backup
C:\Documents and Settings\Patricia King\Cookies\patricia king@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Cookies\patricia king@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Cookies\patricia king@mywebsearch[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Cookies\patricia king@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Patricia King\Local Settings\Temp\edow_as2.exe -> TrojanDownloader.QDown.q -> Cleaned with backup
C:\Documents and Settings\Patricia King\Local Settings\Temp\temp.fr6CE0 -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Patricia King\Local Settings\Temp\temp.fr6F25 -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Patricia King\Local Settings\Temp\temp.frDBA3 -> Spyware.IBISToolbar -> Cleaned with backup
C:\Program Files\Toolbar\common.dll -> Spyware.WebSearch.aj -> Cleaned with backup
C:\Program Files\Toolbar\TBPSSvc.exe -> Spyware.WebSearch -> Cleaned with backup
C:\Program Files\Toolbar\xlmurin.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\WINDOWS\temp\XqSUyeog.exe -> Spyware.WebSearch -> Cleaned with backup


::Report End

#4 H@ns


Posted 26 June 2005 - 01:27 AM

Hi,

Have you installed "SurfMonkey" on purpose? If so, read this page: http://www.cexx.org/surfmonk.htm

* Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (save as: all files) and save it on your Desktop.

REGEDIT4 

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinToolsSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TBPSSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TBPSSvc]

The above Registry file was written specifically for this infection and is not to be used on any other infection, as it could damage a person's PC.

Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Then:

* Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and run it from there in the future ;)

1. Run HijackThis (“Do a system scan only”). Put a checkmark near these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot

O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...er3/install.cab


2. Close all other windows and browsers, and hit Fix Checked.

3. Reboot into safe mode by tapping F8 frequently during bootup.
Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders".

4. Delete, in safe mode:
Folders
C:\Program Files\Toolbar
C:\Program Files\Common Files\WinTools
C:\Program Files\Weatherscope

5. Reboot into normal mode, make a new HijackThis log, and post it here :thumbsup:
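
One way to check a follow-up HijackThis log for leftovers of the items fixed in the post above, as an added example that is not part of the original thread: it lists entries that still point into the deleted folders (including 8.3 short paths such as PROGRA~1) or are marked "(file missing)" / "(no file)", and shows which ticked lines are still present. The function names are hypothetical, the 8.3 alias matching is a heuristic, and the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple

# Folders the post above asks to delete in safe mode (step 4).
REMOVED_DIRS = [
    r"C:\Program Files\Toolbar",
    r"C:\Program Files\Common Files\WinTools",
    r"C:\Program Files\Weatherscope",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R1 - ..."
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # HijackThis annotation
DRIVE_RE = re.compile(r"[A-Za-z]:\\")                        # start of a Windows path


class Finding(NamedTuple):
    code: str
    line: str
    reasons: List[str]


def component_matches(seen: str, long_name: str) -> bool:
    """Compare one path component, accepting an 8.3 alias such as PROGRA~1.

    Heuristic (assumption): an alias is up to six characters of the long
    name with spaces dropped, then ~N, so it can over-match sibling folders.
    """
    seen, long_name = seen.upper(), long_name.upper()
    if seen == long_name:
        return True
    alias = re.fullmatch(r"([^~]{1,6})~\d+", seen)
    return bool(alias) and long_name.replace(" ", "").startswith(alias.group(1))


def under_removed_dir(body: str, removed_dir: str) -> bool:
    """True if any path embedded in the entry lies inside removed_dir."""
    want = removed_dir.split("\\")
    for start in DRIVE_RE.finditer(body):
        # Empty parts are dropped so doubled backslashes do not break matching.
        parts = [p for p in body[start.start():].split("\\") if p]
        if len(parts) > len(want) and all(
            component_matches(s, w) for s, w in zip(parts, want)
        ):
            return True
    return False


def normalise(line: str) -> str:
    """Strip whitespace and the orphan annotation so lines can be compared."""
    return ORPHAN_RE.sub("", line.strip()).strip().upper()


def leftovers(log_text: str) -> List[Finding]:
    """Entries that reference a removed folder or a file that no longer exists."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        reasons = [f"under removed folder {d}"
                   for d in REMOVED_DIRS if under_removed_dir(body, d)]
        if ORPHAN_RE.search(body):
            reasons.append("target file no longer exists")
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


def still_present(fix_lines: str, log_text: str) -> List[str]:
    """Lines ticked for 'Fix Checked' that still appear in the next log."""
    current = {normalise(l) for l in log_text.splitlines()
               if ENTRY_RE.match(l.strip())}
    return [l.strip() for l in fix_lines.splitlines()
            if l.strip() and normalise(l) in current]


# Some of the lines ticked in step 1 of the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe
"""

# Excerpt of the log posted after the fix (27 June 2005).
FOLLOW_UP = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
"""

if __name__ == "__main__":
    for f in leftovers(FOLLOW_UP):
        print(f.code, "|", "; ".join(f.reasons), "|", f.line)
    print("Ticked but still present:", len(still_present(FIX_LIST, FOLLOW_UP)))
```

Startup entries that survive with their target folder deleted explain prompts like the "looking for WToolsA" message: the Run value still exists, only the file is gone.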

#5 sriggan


Posted 27 June 2005 - 05:59 AM

As far as SurfMonkey goes, I can certainly delete it. Do you have specific steps I need to go through to delete it? I'm trying to get this computer back to a decent running state. Also, when I restarted the computer this time, I got a message that the system was looking for WToolsA. Here is my latest HJT log (thanks again):

Logfile of HijackThis v1.99.1
Scan saved at 6:54:00 AM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\MemoKit\memokit2.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IM] C:\PROGRA~1\EARTHL~3\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
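
Added example, not part of the thread and not HijackThis's own code: a short Python parser for the log format above. It lists the entries HijackThis itself marked "(file missing)" or "(no file)", and the O4 startup entries whose program does not appear under "Running processes", such as the WToolsA entry this post mentions. The function names are this example's own; the excerpt lines are copied from the log above.

```python
import re

# Excerpt of the log posted above: lines copied unchanged, most lines omitted.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # section code, e.g. "O4 - ..."
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")     # marker HijackThis appends
AUTORUN_CMD = re.compile(r'^.*?(?:\] |= )"?(.*)$')         # text after "[Name] " or ".lnk = "
EXE_NAME = re.compile(r'([^\\"]+?\.exe)', re.IGNORECASE)   # first file name ending in .exe

def parse_log(text):
    """Return (running process names, [(code, body)]) from a HijackThis log."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            running.add(line.rsplit("\\", 1)[-1].lower())
        elif (m := ENTRY.match(line)):
            entries.append(m.groups())
    return running, entries

def orphaned(entries):
    """Entries HijackThis marked '(file missing)' or '(no file)'."""
    return [(code, body) for code, body in entries if ORPHAN.search(body)]

def autoruns_not_running(running, entries):
    """O4 startup entries whose program name is absent from the process list."""
    out = []
    for code, body in entries:
        cmd = AUTORUN_CMD.match(body) if code == "O4" else None
        exe = EXE_NAME.search(cmd.group(1)) if cmd else None
        if exe and exe.group(1).lower() not in running:
            out.append(exe.group(1))
    return out
```

A startup program that is absent from the process list may simply have exited after running, so the second list is a prompt to check the file on disk, not a verdict.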

#6 H@ns

H@ns

  • Members
  • 29 posts

Posted 27 June 2005 - 10:06 AM

Do the following:

Run HijackThis. Click "Open the Misc tools section", then "Open Uninstall Manager". Then choose "Save List" and save it somewhere you want. Notepad will open. Post the contents of that file into this thread please :thumbsup:

#7 sriggan

sriggan
  • Topic Starter

  • Members
  • 13 posts

Posted 27 June 2005 - 10:17 AM

56Kbps Internal Modem
Ad-Aware SE Personal
Adobe Acrobat 5.0
Alchemy 1.2
American Greetings CreataCard
BigFix
BookWorm Deluxe 1.02
ccCommon
CompuServe
Cubis Gold
EarthLink Accelerator
EarthLink FastLane
EarthLink FixMail
EarthLink Parental Controls
EarthLink Spyware Blocker
EarthLink TotalAccess 2004
eMachines Bay Reader V1.00
ewido security suite
HijackThis 1.99.1
ICQ
InterActual Player
Internet Worm Protection
Java 2 Runtime Environment Standard Edition v1.3.1_02
Lernout & Hauspie TruVoice for Microsoft Agent
Lexmark Z700-P700 Series
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
MemoKit
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Multimedia Keyboard Driver Ver1.1
Netscape 6 (6.2.1)
Netscape Browser (remove only)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Audio Driver
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PowerDVD
RealArcade
RealPlayer
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Shockwave
SPBBC
Spybot - Search & Destroy 1.4
SpyCatcher 3.0
Stamps.com Internet Postage
Symantec
Symantec Script Blocking Installer
SymNet
The Real Yellow Pages Live! v3.9.1 (ActiveX)
Ultimate Mahjongg
WebSearch Toolbar
Webshots!
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Win-Tools Easy Installer (by WebSearch)
Word Symphony from Earthlink (remove only)
Word Whomp To Go

#8 sriggan

sriggan
  • Topic Starter

  • Members
  • 13 posts

Posted 01 July 2005 - 10:40 AM

Any further advice? Thanks for looking at this.

-scott

#9 H@ns

H@ns

  • Members
  • 29 posts

Posted 01 July 2005 - 11:24 AM

Hi,

Sorry for the delay, I didn't seem to get the notification-emails, so didn't reply here. Now I will :thumbsup:

Go to Start - Control Panel - Add/Remove programs, and uninstall:
SPBBC
SpyCatcher 3.0
WebSearch Toolbar
Win-Tools Easy Installer (by WebSearch)

Reboot, make a new HijackThis log and post it here :flowers:



