32 Roam.exe And Supportfour.exe


  • This topic is locked
16 replies to this topic

#1 nsb823

  • Members
  • 30 posts
  • Location:Fairhaven, MA

Posted 18 March 2006 - 11:52 AM

I have just run HijackThis and I need to know what to do with this now. What are 32 Roam.exe and supportfour.exe? And are there any other malicious files?


Logfile of HijackThis v1.99.1
 Scan saved at 11:44:31 AM, on 3/18/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\WINDOWS\System32\snmp.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 C:\WINDOWS\wanmpsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\system32\ZoneLabs\isafe.exe
 C:\WINDOWS\BCMSMMSG.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\AIM\aim.exe
 C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
 C:\Program Files\America Online 9.0a\aoltray.exe
 C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
 C:\Program Files\JGsoft\EditPadPro5\EditPadPro.exe
 C:\Program Files\America Online 9.0a\waol.exe
 C:\Program Files\America Online 9.0a\shellmon.exe
 C:\Program Files\America Online 9.0a\aolwbspd.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Documents and Settings\All Users.WINDOWS\Application Data\FORK MANAGER ERROR ATOM\32 Roam.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://waoshzxccnpsodzokwem.com/MOYDOgdeMd4L6/OgAFzdgGyIk14SLGDF9jk4q_76gxK6iLfjpttsxpO43/fN/3l6.html
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
 O2 - BHO: (no name) - {00F6459D-FAAD-89F1-80DF-8EE0628A2B4C} - C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\ATOMGR~1\basewin.exe
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
 O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
 O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
 O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
 O4 - HKCU\..\Run: [Heck Peak] C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
 O4 - Startup: PowerReg Scheduler V3.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
 O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 O4 - Global Startup: Trojan Guarder Gold Full Version.lnk = C:\Program Files\Trojan Guarder Gold Full Version\Trojan Guarder.exe
 O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{C379F938-FB0A-4C17-A5AC-37AA6B10DC8D}: NameServer = 205.188.146.145
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 18 March 2006 - 12:17 PM

Hello and welcome.. :thumbsup:

Please download Findlop by Metallica:
  • Unzip the contents to a new folder on your Desktop.
  • Open the folder, double-click on findlop.bat
  • It will make a log at c:\findlop.txt. Post all the contents of the report in your next reply. :flowers:

Hi there, stranger!

#3 nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA

Posted 18 March 2006 - 12:24 PM

[TRACE] Enumerating jobs and queues
 [TRACE] Activating job '803895BC97673614.job'
 [TRACE] Printing all job properties
 
   ApplicationName:	'c:\docume~1\owner~1.myh\applic~1\flawty~1\Platform Ball Gram.exe'
   Parameters:		 ''
   WorkingDirectory:   ''
   Comment:			''
   Creator:			'Owner'
   Priority:		   NORMAL
   MaxRunTime:		 259200000 (3d  0:00:00)
   IdleWait:		   10
   IdleDeadline:	   60
   MostRecentRun:	  03/18/2006 12:00:00
   NextRun:			03/18/2006 13:00:00
   StartError:		 S_OK
   ExitCode:		   0
   Status:			 SCHED_S_TASK_READY
   ScheduledWorkItem Flags:
	 DeleteWhenDone		  = 0
	 Suspend				 = 0
	 StartOnlyIfIdle		 = 0
	 KillOnIdleEnd		   = 0
	 RestartOnIdleResume	 = 0
	 DontStartIfOnBatteries  = 0
	 KillIfGoingOnBatteries  = 0
	 RunOnlyIfLoggedOn	   = 1
	 SystemRequired		  = 0
	 Hidden				  = 1
   TaskFlags:		  0
 
   1 Trigger 
 
   Trigger 0:
	 Type:			Daily
	 DaysInterval:	1
	 StartDate:	   02/01/2001
	 EndDate:		 00/00/0000
	 StartTime:	   00:00
	 MinutesDuration: 1440
	 MinutesInterval: 60
	 Flags:
	   HasEndDate	  = 0
	   KillAtDuration  = 0
	   Disabled		= 0

That Platform Ball Gram.exe keeps popping my ZoneAlarm firewall up and I keep blocking it...

#4 Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 18 March 2006 - 12:41 PM

Hi again.

Click Start -> Run and type in: tasks

Hit ok.
  • When the window opens, Click on the 'Advanced' menu (located above).
  • Click on 'View Hidden Tasks'
  • Review all the tasks/jobs.
  • Delete hidden jobs that look like this: 803895BC97673614.job (with 16 random letters).

Empty recycle bin (if they appear to be in the recycle bin after you delete).

==

Post back with a fresh HijackThis log. :thumbsup:
Hi there, stranger!

#5 nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA

Posted 18 March 2006 - 01:25 PM

Logfile of HijackThis v1.99.1
 Scan saved at 1:23:39 PM, on 3/18/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\WINDOWS\System32\snmp.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 C:\WINDOWS\wanmpsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\system32\ZoneLabs\isafe.exe
 C:\WINDOWS\BCMSMMSG.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\AIM\aim.exe
 C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
 C:\Program Files\America Online 9.0a\aoltray.exe
 C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
 C:\Documents and Settings\All Users.WINDOWS\Application Data\FORK MANAGER ERROR ATOM\32 Roam.exe
 C:\Program Files\America Online 9.0a\waol.exe
 C:\Program Files\America Online 9.0a\shellmon.exe
 C:\Program Files\America Online 9.0a\aolwbspd.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://waoshzxccnpsodzokwem.com/MOYDOgdeMd4L6/OgAFzdgGyIk14SLGDF9jk4q_76gxK6iLfjpttsxpO43/fN/3l6.html
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
 O2 - BHO: (no name) - {00F6459D-FAAD-89F1-80DF-8EE0628A2B4C} - C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\ATOMGR~1\basewin.exe
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
 O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
 O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
 O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
 O4 - HKCU\..\Run: [Heck Peak] C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
 O4 - Startup: PowerReg Scheduler V3.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
 O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 O4 - Global Startup: Trojan Guarder Gold Full Version.lnk = C:\Program Files\Trojan Guarder Gold Full Version\Trojan Guarder.exe
 O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{C379F938-FB0A-4C17-A5AC-37AA6B10DC8D}: NameServer = 205.188.146.145
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#6 Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 18 March 2006 - 02:11 PM

Run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://waoshzxccnpsodzokwem.com/MOYDOgdeMd...O43/fN/3l6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {00F6459D-FAAD-89F1-80DF-8EE0628A2B4C} - C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\ATOMGR~1\basewin.exe
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKCU\..\Run: [Heck Peak] C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Go to -> Control Panel -> Add/Remove programs and uninstall the following if present:

Viewpoint Toolbar
Viewpoint


Now navigate to and delete the following folders / files if present:

C:\Program Files\Viewpoint\
C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
c:\docume~1\owner~1.myh\applic~1\flawty~1\Platform Ball Gram.exe

Empty recycle bin.

==

Please download Ewido Anti-Malware MicroScanner (English language only)

Double-click ewido_micro.exe

If your active Firewall prompts you, please allow all the connections to this program.

Now, make sure all 4 boxes are checked and click "Start Scan"

Once the Scan has completed, be sure all items found have a check by them and click "Remove Infections"

Click "Yes" to the prompt that follows.

Now, please reboot again.

==

Post back with a fresh HijackThis log. :thumbsup:
Hi there, stranger!
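The entries Rawe checked for removal above, and the hidden 16-character .job files from post #4, share recognisable traits: a search setting pointing at a random-looking domain, about:blank placeholders in keys a hijacker overwrites, a nameless BHO registered as an .exe, an orphaned toolbar, and a Run entry launching from a user's Application Data folder. The Python script below is an added illustration (not part of the thread and not HijackThis or Findlop code) that turns those traits into triage rules and runs them over a constructed sample of log lines copied from this thread; the thresholds in looks_random are assumptions, not anything the helpers used.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the HijackThis v1.99.1 log posted in this
# thread: the entries Rawe checked for removal plus a few legitimate controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://waoshzxccnpsodzokwem.com/MOYDOgdeMd4L6/OgAFzdgGyIk14SLGDF9jk4q_76gxK6iLfjpttsxpO43/fN/3l6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: (no name) - {00F6459D-FAAD-89F1-80DF-8EE0628A2B4C} - C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\ATOMGR~1\basewin.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Heck Peak] C:\DOCUME~1\OWNER~1.MYH\APPLIC~1\FLAWTY~1\supportfour.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# IE registry values a hijacker typically overwrites; about:blank in them is
# residue of the hijack rather than a Windows default.
RESET_KEYS = ("Search Bar", "Search Page", "Default_Page_URL", "Local Page", "Start Page")

# Per-user or All Users Application Data in long or 8.3 short form. The Lop
# folders in this thread (FLAWTY~1, ATOMGR~1, FORK MANAGER ERROR ATOM) live there.
APPDATA_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.IGNORECASE)

R_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")


def looks_random(label: str) -> bool:
    """Crude test for a machine-generated DNS label: long and vowel-poor.
    The 12-character / 30 % thresholds are assumptions for this example."""
    if len(label) < 12:
        return False
    vowels = sum(ch in "aeiou" for ch in label.lower())
    return vowels / len(label) < 0.3


def triage_line(line: str):
    """Return a reason if the HijackThis line matches a hijack/Lop indicator
    seen in this thread, else None."""
    line = line.strip()
    m = R_RE.match(line)
    if m:
        value = m.group("value")
        if value.startswith("http"):
            host = urlparse(value).hostname or ""
            labels = host.split(".")
            if len(labels) >= 2 and looks_random(labels[-2]):
                return f"search setting points at random-looking domain {host}"
        elif value == "about:blank" and m.group("key").endswith(RESET_KEYS):
            return "about:blank placeholder left by a hijacker; reset to default"
        return None
    m = O2_RE.match(line)
    if m:
        if m.group("name") == "(no name)":
            return "nameless BHO"
        if m.group("path").lower().endswith(".exe"):
            return "BHO registered as an .exe (a real BHO is a DLL)"
        if APPDATA_RE.search(m.group("path")):
            return "BHO loaded from a user's Application Data folder"
        return None
    m = O3_RE.match(line)
    if m:
        if m.group("name") == "(no name)" or m.group("path") == "(no file)":
            return "nameless or orphaned toolbar entry"
        return None
    m = O4_RE.match(line)
    if m and APPDATA_RE.search(m.group("cmd")):
        return f"Run entry [{m.group('label')}] autostarts a binary from Application Data"
    return None


def triage(log_text: str):
    """All flagged (line, reason) pairs from a HijackThis log."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


def is_lop_job_name(filename: str) -> bool:
    """Hidden scheduled tasks named with 16 hex characters, like the
    803895BC97673614.job that Findlop reported earlier in this thread."""
    return re.fullmatch(r"[0-9A-Fa-f]{16}\.job", filename) is not None


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[flag] {reason}\n       {line}")
```

The Yahoo SearchURL line is deliberately not flagged: it is a vendor-installed default rather than a Lop indicator, and resetting it (as Rawe did) is a judgment call the rules leave to the reader.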

#7 nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA

Posted 18 March 2006 - 04:08 PM

Logfile of HijackThis v1.99.1
 Scan saved at 4:00:48 PM, on 3/18/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\WINDOWS\System32\snmp.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 C:\WINDOWS\wanmpsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\system32\ZoneLabs\isafe.exe
 C:\WINDOWS\BCMSMMSG.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\AIM\aim.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\America Online 9.0a\aoltray.exe
 C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
 C:\Program Files\America Online 9.0a\waol.exe
 C:\Program Files\America Online 9.0a\shellmon.exe
 C:\Program Files\America Online 9.0a\aolwbspd.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
 O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
 O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
 O4 - Startup: PowerReg Scheduler V3.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
 O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
 O4 - Global Startup: Trojan Guarder Gold Full Version.lnk = C:\Program Files\Trojan Guarder Gold Full Version\Trojan Guarder.exe
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{C379F938-FB0A-4C17-A5AC-37AA6B10DC8D}: NameServer = 205.188.146.145
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hello again, there were also many other .exe files in the same folder as Platform Ball Gram.exe and supportfour.exe. Should I leave them alone? Also, another thing I noticed: about a week ago I updated to jre1.5.0_06 and this still shows jre1.5.0_02 files as well, for instance

jre1.5.0_02 files
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

jre1.5.0_06 files

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

Also what are these tasks?
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - Startup: PowerReg Scheduler V3.exe

Why does it say "-cnetwait.odl" at the end of this file?
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Do you have any information on Trojan Guarder Gold Full Version? Like, is it a hoax? It doesn't help at all...

Edited by nsb823, 18 March 2006 - 04:14 PM.


#8 Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 19 March 2006 - 03:04 AM

PowerReg Scheduler V3.exe
Part of 3COM modem software.
Registration reminder. Not required.

http://www.greatis.com/appdata/u/p/powerre...er%20v3.exe.htm

Please uninstall ALL the instances of older versions of Java in your Control Panel; leave the latest update.

You can fix this if you want:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

I don't know why this entry shows cnetwait.odl:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

It's legitimate nonetheless.

Sorry, I didn't find any good info on: Trojan Guarder Gold Full Version.

Seems like privacy expert Eric Howes hasn't taken it to his tests yet: http://www.spywarewarrior.com/rogue_anti-spyware.htm

All I can say is you might want to uninstall this program.

==

What are they named:

Hello again, there were also many other .exe files in the same folder as Platform Ball Gram.exe and supportfour.exe. Should I leave them alone?

:thumbsup:
Hi there, stranger!

#9 nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA

Posted 19 March 2006 - 01:56 PM

Please uninstall ALL the instances of older versions of Java in your Control Panel; leave the latest update.


When I try to uninstall the older version of Java it says 'Fatal Error'. Is there any other way I can uninstall it?


What are they named:

Hello again, there were also many other .exe files in the same folder as Platform Ball Gram.exe and supportfour.exe. Should I leave them alone?

:thumbsup:


BOOK DOG LOG SOFTWARE.exe
and 54 other .exe files with 8 random letters for a name....

Edited by nsb823, 19 March 2006 - 01:57 PM.


#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:17 AM

Posted 19 March 2006 - 02:02 PM

Sounds like Lop to me.

Let's see.

==

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
==

Post also this:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post

Hi there, stranger!

#11 nsb823

nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA
  • Local time:08:17 PM

Posted 19 March 2006 - 04:09 PM

The logs are too long to post here... so I had to upload them...

http://www.upload2.net/download2/WnWj9j0EK...vescan.txt.html

http://www.upload2.net/download2/ZXJm6KgjV...l_list.txt.html

Edited by nsb823, 19 March 2006 - 04:18 PM.


#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:17 AM

Posted 20 March 2006 - 08:33 AM

Hi again; let's continue with the fix.. :thumbsup:

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Once in Safe Mode, navigate to and delete the following folders/files if present:

C:\Documents and Settings\Owner.MYHOME\Application Data\FLAW TYPE\ <= the ENTIRE folder; you should move ANY legitimate files that you need out of this folder first. It was full of Lop .exe files.
C:\Documents and Settings\Owner.MYHOME\Favorites\LIVING\Dating.lnk
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_America Online 9.0a\misc\temp\32 Roam.rar
C:\Documents and Settings\All Users.WINDOWS\Application Data\FORK MANAGER ERROR ATOM\32 Roam.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\basewin.exe
C:\Documents and Settings\Owner.MYHOME\Application Data\atomgridcity\basewin.exe


And EVERYTHING inside this folder:

C:\Documents and Settings\Owner.MYHOME\Local Settings\Temp\

Empty Recycle bin.

==

Reboot back into Normal Mode.

Download newest SpyBot S&D, Click Here

Please do the following first, with the current (older) version of SpyBot:

1. Undo immunization
2. If SDHelper and TeaTimer are enabled, deactivate them first.
3. If Opera Browser is installed, de-select protection for Opera Immunity
4. Uninstall old version of Spybot S&D
5. Reboot again.

Install the newest SpyBot. Configure it, update it. Close it.

==

Next, download the latest Mozilla Firefox - browser HERE.

Don't install it yet.

Access Control Panel -> Add/Remove programs and uninstall the following entries:

Mozilla Firefox (1.0)
Trojan Guarder Gold Full Version
Viewpoint Media Player


==

Delete the following folders:

C:\Program Files\Viewpoint\
C:\Program Files\Trojan Guarder Gold Full Version\


Empty recycle bin again.

Install the latest Firefox.

==

NEXT:

Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - leave ALL 3 checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
==

Finally, post back with a fresh HijackThis log. :flowers:
Hi there, stranger!
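A small triage script for the fresh HijackThis log requested above, as an added example (it is not part of this thread and not a HijackThis feature): it parses the O4 Run entries and O23 services of a HijackThis v1.99.1-style log and scores each one with the two signals discussed in this thread, a startup entry living under Application Data or Temp, and an executable with an 8-random-letter name. The sample log is constructed: the legitimate lines are copied from the log posted in this thread, while the "Platform Ball Gram" and "fbqtrxwk" lines are made up to stand in for the Lop-style entries the thread describes.

```python
"""Triage a HijackThis-style log: parse O4 Run entries and O23 services and
score them with simple heuristics (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass, field

# Constructed sample log. The first three O4 lines and both O23 lines are
# copied from the log posted in this thread; the "Platform Ball Gram" and
# "fbqtrxwk" lines are constructed to stand in for the Lop-style entries
# described in the thread (random-letter .exe files under Application Data).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Platform Ball Gram] "C:\Documents and Settings\Owner.MYHOME\Application Data\FLAW TYPE\Platform Ball Gram.exe"
O4 - HKLM\..\Run: [fbqtrxwk] C:\Documents and Settings\All Users.WINDOWS\Application Data\FORK MANAGER ERROR ATOM\fbqtrxwk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
# First token ending in .exe, quoted or not; arguments after it are dropped.
EXE_RE = re.compile(r'^"([^"]+\.exe)"|^(.+?\.exe)', re.IGNORECASE)
# Folders a startup entry normally has no business living in.
WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")
# The naming convention reported in the thread: 8 random letters, no digits.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    kind: str            # "run" or "service"
    name: str            # Run value name or service display name
    path: str            # executable path with arguments stripped
    score: int = 0
    reasons: list = field(default_factory=list)


def exe_path(command: str) -> str:
    """Return the executable part of a Run command line."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def score_path(f: Finding) -> None:
    """Apply the location and random-name heuristics to one finding."""
    low = f.path.lower()
    if any(d in low for d in WRITABLE_DIRS):
        f.score += 2
        f.reasons.append("runs from a user-writable data/temp folder")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_STEM_RE.match(stem):
        f.score += 1
        f.reasons.append("8-letter name matches the random-name pattern")


def triage(log_text: str) -> list[Finding]:
    """Parse O4 Run and O23 Service lines and score each entry."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            f = Finding("run", m.group(2), exe_path(m.group(3)))
            score_path(f)
            findings.append(f)
            continue
        m = SERVICE_RE.match(line)
        if m:
            f = Finding("service", m.group(1), m.group(3).strip())
            if m.group(2).strip().lower() == "unknown owner":
                f.score += 1
                f.reasons.append("no publisher recorded for the service binary")
            score_path(f)
            findings.append(f)
    return findings


def suspicious(log_text: str, threshold: int = 2) -> list[str]:
    """Names of entries scoring at or above the threshold."""
    return [f.name for f in triage(log_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f.score >= 2 else ("review" if f.score else "ok")
        print(f"{tag:10} {f.kind:7} {f.name!r}: {f.path}")
        for r in f.reasons:
            print(f"            - {r}")
```

The scores are heuristics, not signatures: zlclient.exe (ZoneAlarm) also has an 8-letter name, so the name rule alone only marks an entry for review, and it is the location rule that pushes an entry to suspicious. On the sample log, "Platform Ball Gram" and "fbqtrxwk" come out suspicious, while the Java updater, AIM and the two services stay at ok or review.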

#13 nsb823

nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA
  • Local time:08:17 PM

Posted 21 March 2006 - 02:38 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:34:43 PM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C379F938-FB0A-4C17-A5AC-37AA6B10DC8D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

The Viewpoint folder won't delete and Viewpoint Media Manager won't uninstall, I think it's used by AOL...

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:17 AM

Posted 22 March 2006 - 12:24 AM

How's the system running now? :thumbsup:
Hi there, stranger!

#15 nsb823

nsb823
  • Topic Starter

  • Members
  • 30 posts
  • Location:Fairhaven, MA
  • Local time:08:17 PM

Posted 22 March 2006 - 12:26 AM

Better. Is that all I need to do? I thank you much.. If anything else goes wrong I'll post it here..



