
Infected With Popups


4 replies to this topic

#1 danst150


Posted 16 February 2006 - 11:44 AM

I have uninstalled SurfSideKick 3 but CoolWebSearch is giving me more problems...

I followed the 5 step preparation guide and I still cannot get rid of my popups!!
Ad-Aware keeps on finding CoolWebSearch (after every reboot), seems like it keeps on re-installing itself.
CWShredder also does the same and removes the Trojan "CWS.Jksearch". Yet when I reboot it's there again!

Below is a copy of my HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:41:27, on 16/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoDA Startup] C:\Program Files\Rational\SoDAWord\Wizards\SodaStartup.exe StartUp
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micro{oft.com/microsoftupdat...b?1131142097442
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.command2.co.uk/cod_ev/cabs/cssweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\o2660cjsefo60.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProxyServer Service (ProxyServerService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpxsr.exe
O23 - Service: Rational Test Agent Service (RationalTestAgentService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Edited by danst150, 16 February 2006 - 08:26 PM.



#2 MFDnSC


Posted 18 February 2006 - 03:24 PM

Go to http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· Put a check next to Run this program as a task.
· You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
· When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message; click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
· Your computer will then shut down.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 danst150


Posted 19 February 2006 - 05:50 AM

OK, instructions have been followed, below are my log files:


Look2Me-Destroyer V1.0.5

Scanning for infected files.....
Scan started at 19/02/2006 10:35:57

Infected! C:\WINDOWS\system32\en48l1hu1.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP180\A0029089.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030098.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030099.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030150.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030188.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030210.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030230.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030249.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030268.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030916.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030923.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031027.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031028.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031044.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031045.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031047.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031055.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031091.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031092.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031100.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031122.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031144.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031179.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031181.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031206.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031257.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031271.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031296.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031307.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031328.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031330.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031374.dll
Infected! C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0032393.dll
Infected! C:\WINDOWS\system32\dd8vb.dll
Infected! C:\WINDOWS\system32\en48l1hu1.dll
Infected! C:\WINDOWS\system32\ix50_qcx.dll
Infected! C:\WINDOWS\system32\ksdbr.dll
Infected! C:\WINDOWS\system32\ktdfi1.dll
Infected! C:\WINDOWS\system32\l0r0la9m1d.dll
Infected! C:\WINDOWS\system32\lvj2091oe.dll
Infected! C:\WINDOWS\system32\lvpm0971e.dll
Infected! C:\WINDOWS\system32\miiole16.dll
Infected! C:\WINDOWS\system32\o4660ejseho60.dll
Infected! C:\WINDOWS\system32\parfctrs.dll
Infected! C:\WINDOWS\system32\rdhtxde.dll
Infected! C:\WINDOWS\system32\shusbdll.dll
Infected! C:\WINDOWS\system32\wrpshell.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\en48l1hu1.dll
C:\WINDOWS\system32\en48l1hu1.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP180\A0029089.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP180\A0029089.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030098.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030098.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030099.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030099.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030150.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030150.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030188.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030188.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030210.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030210.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030230.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030230.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030249.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030249.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030268.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030268.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030916.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030916.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030923.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP181\A0030923.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031027.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031027.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031028.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031028.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031044.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031044.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031045.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031045.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031047.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031047.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031055.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031055.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031091.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031091.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031092.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031092.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031100.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031100.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031122.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031122.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031144.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP182\A0031144.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031179.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031179.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031181.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031181.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031206.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP183\A0031206.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031257.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031257.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031271.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031271.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031296.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031296.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031307.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP184\A0031307.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031328.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031328.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031330.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031330.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031374.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0031374.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0032393.dll
C:\System Volume Information\_restore{B06B1359-3652-4B29-9D15-D689259F169D}\RP185\A0032393.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dd8vb.dll
C:\WINDOWS\system32\dd8vb.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en48l1hu1.dll
C:\WINDOWS\system32\en48l1hu1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ix50_qcx.dll
C:\WINDOWS\system32\ix50_qcx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ksdbr.dll
C:\WINDOWS\system32\ksdbr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktdfi1.dll
C:\WINDOWS\system32\ktdfi1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l0r0la9m1d.dll
C:\WINDOWS\system32\l0r0la9m1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvj2091oe.dll
C:\WINDOWS\system32\lvj2091oe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvpm0971e.dll
C:\WINDOWS\system32\lvpm0971e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\miiole16.dll
C:\WINDOWS\system32\miiole16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o4660ejseho60.dll
C:\WINDOWS\system32\o4660ejseho60.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\parfctrs.dll
C:\WINDOWS\system32\parfctrs.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rdhtxde.dll
C:\WINDOWS\system32\rdhtxde.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\shusbdll.dll
C:\WINDOWS\system32\shusbdll.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wrpshell.dll
C:\WINDOWS\system32\wrpshell.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{32DBF6CE-87F0-4236-BF06-D8AC4AA6E6DE}"
HKCR\Clsid\{32DBF6CE-87F0-4236-BF06-D8AC4AA6E6DE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A0D83340-CA0A-4161-9A64-5A216664DD86}"
HKCR\Clsid\{A0D83340-CA0A-4161-9A64-5A216664DD86}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E98544F3-A67C-4809-8D15-E62BDD11E9DB}"
HKCR\Clsid\{E98544F3-A67C-4809-8D15-E62BDD11E9DB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEDE03C6-ECA3-4B7B-B6A8-F4A328BFDDEF}"
HKCR\Clsid\{FEDE03C6-ECA3-4B7B-B6A8-F4A328BFDDEF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{87B1454B-5902-4292-AD97-578CF45F6BF3}"
HKCR\Clsid\{87B1454B-5902-4292-AD97-578CF45F6BF3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8E239B66-3DE6-4655-9621-A5A6017C8BAE}"
HKCR\Clsid\{8E239B66-3DE6-4655-9621-A5A6017C8BAE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7C5383B8-23F7-46F9-A834-880983F5E5CE}"
HKCR\Clsid\{7C5383B8-23F7-46F9-A834-880983F5E5CE}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


Logfile of HijackThis v1.99.1
Scan saved at 10:45:21, on 19/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoDA Startup] C:\Program Files\Rational\SoDAWord\Wizards\SodaStartup.exe StartUp
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micro{oft.com/microsoftupdat...b?1131142097442
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.command2.co.uk/cod_ev/cabs/cssweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProxyServer Service (ProxyServerService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpxsr.exe
O23 - Service: Rational Test Agent Service (RationalTestAgentService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

My popups have gone now, is there anything else you recommend??

P.S. really appreciate the help!!

Edited by danst150, 19 February 2006 - 05:57 AM.


#4 MFDnSC

    Ret. Director I/T



Posted 19 February 2006 - 05:50 PM

Clean - If you feel it is fixed, mark it solved via thread tools above - if not, what is the current situation?

Restore points
Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
=============
Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Check for updates and run weekly
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 danst150

  • Topic Starter


Posted 20 February 2006 - 04:43 AM

yea it seems to be sorted now.
although the first couple of times i turned my pc on and started my browser (firefox), a small browser window would open before it, as in:
- only see the title bar at the top
- no web page body or address bar
- just a small minimised window in the top left hand corner

today this hasn't happened and Ad-aware/spybot aren't picking up anything.

so other than the above, how do i mark the thread as solved because i can't seem to find it!! :thumbsup:



