Please Read This Logfile Hjt Team!


13 replies to this topic

#1 Tommy1073

Tommy1073

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:43 PM

Posted 04 November 2005 - 12:10 AM

Where to begin.....I've been having problems with my computer for a while now, and up until now, I've been able to push them aside. Ever since I received the AIM virus (The one that keeps trying to put up an away message on your account linking to a deceivingly malicious webpage), my Task Manager has gone wacko. It rarely opens unless you hunt it down in its folder, and when it does, it only shows the computer's processes. That's not the worst of it, this process window doesn't have a frame!! There's no way to close it unless you end the process itself.

Another thing that has only occurred in recent days (yesterday) has me worried. My mouse will constantly flash the hourglass, telling me that there is work in the background. Also, the window that I have selected will flash occasionally, and randomly, as if the window is "coughing". (The flashing window is just being selected and then unselected as if someone were clicking it and then clicking the desktop background, making it hard for me to type) The flashing is even happening as I type.

Within the last hour, I received a message about a program pokapoka79.exe having to close, and that Windows was sorry for the inconvenience, that message I'm sure everyone has seen. I did some research and found that this program is undesirable, although I don't know what it does. I am able to run msconfig.

I frequently scan my computer with Spybot S&D and Ad-Aware 6.0, as well as Hijack This when those other two don't fix my problems. Here is my HJT log as of 5 mins ago:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:03 PM, on 11/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\WINDOWS\xffkncdj.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [9ppb5FdKs] C:\WINDOWS\xffkncdj.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Another thing that occurs too often for comfort is my computer freezing up and me having to hit the surge protector switch to reboot. I don't know if that is related to my other problems....heck, I don't know if any of my problems are related!! PLEASE HELP!!! :thumbsup:

Edited by KoanYorel, 04 November 2005 - 12:16 AM.



#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:43 AM

Posted 04 November 2005 - 02:57 AM

Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Now do a scan with HiJackThis and post a new log by using Add Reply

#3 Tommy1073


Posted 04 November 2005 - 03:51 PM

David, I downloaded/installed LQfix to my desktop and then it ran in the command prompt. It told me to make sure I had an internet connection, which I did with Mozilla as my browser, and then it said a window would appear and that I should click yes. No window ever appeared, so I continued reading and it said "LQfirst.bfu and/or LQsecond.bfu NOT PRESENT! Please post this at the forum!" So I waited for another few minutes and when nothing else happened I did what the prompt had told me to do a few minutes ago, and pressed any key to continue....After I pressed a random key, the prompt disappeared so I restarted my computer and ran HJT and here is the log: Oh, and by the way, the flashing of windows and the disabled Ctrl+Alt+Del still occurs!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:41:31 PM, on 11/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\WINDOWS\xffkncdj.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [9ppb5FdKs] C:\WINDOWS\xffkncdj.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thank you for all your help!!!!
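Added example, not part of any post in this thread and not HijackThis or BleepingComputer code: a small Python triage of the two logs above. It flags core Windows process names running outside System32 and compares the O4 autorun entries of a "before" and an "after" log, which shows whether a fix attempt removed anything. Assumptions: the function names are this example's own, the Windows directory is C:\WINDOWS as in the log, the list of core process names is a short illustrative set, and a hit is a lead for review, not a verdict.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Excerpt of the first HijackThis log in this thread (lines copied verbatim).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\Common Files\services.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [9ppb5FdKs] C:\WINDOWS\xffkncdj.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
# The second log in the thread repeats every line of this excerpt unchanged.
LOG_AFTER = LOG_BEFORE

# Assumption: short illustrative list of names that belong in System32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Assumption: %SystemRoot% is C:\WINDOWS, as the paths in the log indicate.
SYSTEM_DIR = ntpath.normcase(r"C:\WINDOWS\System32")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - ..."
AUTORUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")    # "location: [name] command"


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def misplaced_system_binaries(processes):
    """Processes that use a core Windows name from a directory other than System32."""
    hits = []
    for path in processes:
        name = ntpath.basename(path).lower()
        folder = ntpath.normcase(ntpath.dirname(path))
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            hits.append(path)
    return hits


def autoruns(entries):
    """O4 registry autoruns as (location, value name, command) tuples.

    Startup-folder shortcuts ("Global Startup: x.lnk = ...") have no [name]
    part and are skipped here.
    """
    found = []
    for code, body in entries:
        match = AUTORUN_RE.match(body) if code == "O4" else None
        if match:
            found.append(match.groups())
    return found


def compare_autoruns(before, after):
    """Return (removed, persisting) autoruns between two logs of one machine."""
    old = autoruns(parse_log(before)[1])
    new = set(autoruns(parse_log(after)[1]))
    removed = [entry for entry in old if entry not in new]
    persisting = [entry for entry in old if entry in new]
    return removed, persisting


if __name__ == "__main__":
    procs, _ = parse_log(LOG_BEFORE)
    for path in misplaced_system_binaries(procs):
        print("core process name outside System32:", path)
    removed, persisting = compare_autoruns(LOG_BEFORE, LOG_AFTER)
    print(len(removed), "autoruns removed,", len(persisting), "still present")
```

On this excerpt the comparison reports nothing removed, which matches the unchanged second log posted after the LQfix attempt.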

#4 -David-


Posted 04 November 2005 - 03:54 PM

Download this tool:
http://www.jayloden.com/AIMFix.exe

and run it.................

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :thumbsup:
David

#5 Tommy1073


Posted 07 November 2005 - 06:25 PM

David, I'm having major probs.

At first, Ewido ran ok and it found like 10,665 infected files that were all in the same folder, C:\Uploads. I had a lot of trouble getting this far because for almost every file that was infected, a pop up window would appear saying "you cannot delete this file because it is embedded in this archive, would you like to delete the archive?" So I said yes like 7,000 times (that requires pressing the enter key 7,000 times) After about 7,000 or so, the process slowed wayyyy down. A window would only appear like 3 minutes after I had closed the one before it. I couldn't stand it any longer so I tried doing it again in safe mode, and then again in normal mode with no success. I don't know what to do. I tried looking for the devilish file C:\Uploads but I could not find it!! I checked and searched, and searched and checked and couldn't find a single trace of the folder that contained still over 3,000 malicious zip files (all of the files, each one of them, were zip files) Also task manager still does not work.

Sorry it took me so long to respond, I've been trying to work out this problem with Ewido.

#6 -David-


Posted 08 November 2005 - 11:23 AM

Do you use a P2P networking program like Kazaa etc?

Do this then see if the folder is there:

Make sure that you can see hidden files (Windows XP).
  • Click "Start".
  • Click "My Computer".
  • Select the "Tools" menu and click "Folder Options".
  • Select the "View" tab.
  • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Click "Yes" to confirm.
  • Uncheck the "Hide file extensions for known file types".
  • Click "OK".

If you find it, please give me a specimen name of a file in that folder.

David

#7 Tommy1073


Posted 08 November 2005 - 08:14 PM

I've gotta hand it to you David, you hit the nail right on the head. I found the folder full of zips and here are a few of the remaining thousands. They all have suspicious sounding names. And yes, I had used Limewire for a while before finding it to be illegal and thus, uninstalling the program and all the files I thought were associated with it. Here are those files:

Palm16c v1.0.1 PalmOS Cracked by BLZPDA.zip

Samlogic cd-menu creator 2004 build 4.0.5 cracked by tsrh.zip

Save Flash v2.4.20.12 Regged by BLiZZARD.zip

Sawmill v7.1.1a by ViRiLiTY.zip

Tabulex 2001 v5.01.zip

Talisman Desktop v2.3 Beta 1 by TSRH.zip

Tasker 3.13.040504.zip

VBAcodePrint v6.10.5 by FHCF.zip

VeCad v6.061 by DIGERATI.zip

There are many more where those come from. The folder is very large and takes a long time for the computer to load as you scroll. If you'd like more file names let me know, I won't delete the folder until you deem it necessary.

Edited by Tommy1073, 08 November 2005 - 09:09 PM.


#8 -David-


Posted 09 November 2005 - 12:15 PM

Ah!

A few illegal cracks there - don't worry about it though! :thumbsup:

Try and delete the folder! :flowers:

Tell me what happens!

David

p.s. Limewire was most probably the source of the infection as it spreads by p2p so it's good you removed it :trumpet:

#9 Tommy1073


Posted 09 November 2005 - 09:58 PM

Good news and bad news.......

Good News:
I did another Ewido scan, and there were about 7,000 less entries than last time! There were only 30, and it cleaned them all without me having to delete any "archives".

Here's the ewido report:
+ Created on: 8:52:51 PM, 11/10/2005
+ Report-Checksum: A4E84239

+ Scan result:

:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai0qwuea.default\cookies.txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HJ4MG4LI\SAcc.prod.v1118.03nov2005.exe[1] -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QWPU74Z9\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\License.lnk -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\WINDOWS\etb\nt_hide79.dll -> Trojan.EliteBar.h : Cleaned with backup
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\msbbi.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup


::Report End




Bad News:
My task manager problem persists, I don't know what to do!!! Please help me with that!! I hate it!! No task window! I don't even care about the processes if I can use task manager!! uggg......But thanks for helping fix the flashing window and cursor problem! And with the p2p problem. Thank you for being so quick with your responses too, I expected much less from a busy site like this! Send my props to your team for their dedication.

P.S. If you want a picture of exactly what happens when I press Ctrl+Alt+Del, go here: http://pic16.picturetrail.com/VOL684/32772...7/118261638.jpg
It's a harmless image site and I took a screenshot of my problem, cropped it, and posted it. Take a look if you think it will help.

Edited by Tommy1073, 09 November 2005 - 11:03 PM.


#10 -David-


Posted 10 November 2005 - 05:24 PM

Try downloading these two reg files - once downloaded open them to add them to the registry:

http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg

http://www.kellys-korner-xp.com/regs_edits...nager_Reset.reg

David

#11 Tommy1073


Posted 11 November 2005 - 09:21 PM

I opened those links and there was text there but I don't know how exactly to download them and add them to my registry.....sorry for the delay.

#12 -David-


Posted 12 November 2005 - 03:15 PM

Use Internet Explorer and click on the files, then click Run.
Then click Yes if it asks if you want to add it to the registry.

David

#13 Tommy1073


Posted 15 November 2005 - 11:41 PM

David...YOU'RE A GENIUS!!!! It worked immediately. It's been a pleasure working with you and I really appreciate what you're doing as a part of the HJT team. I owe you one...or two...well I just owe you.
I'm soo happy right now! Now I know just where to go for computer problems.

Much thanks,
Tommy

#14 -David-


Posted 16 November 2005 - 12:16 PM

That's great news! I see a Clean Log!!
How's everything running? :up: or :down: ?

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

How's everything running? :up: or :down: ?



