
HLT Log file



#1 gandcsundvik


Posted 02 January 2005 - 03:40 PM

Here is my log after I "fixed" checked boxes in Hijackthis, went to safe mode, deleted windows\system32\msbe.dll and windows\zeta.exe files or directories, removed Viewpoint Manager, Viewpoint Media Player. Couldn't find Wild Tangent and couldn't remove Advanced Searchbar. Deleted program C:\Program Files Files\Viewpoint....C:\progra~1\Search~1 and C:\Progra~1\Advanc~1 were not present.

Should some icons have been shown on my desktop when I fixed problems in HijackThis? All programs were closed, but icons still remained on desktop.

How do I delete posts that I don't need anymore?

You are wonderful! Thanks

Logfile of HijackThis v1.99.0
Scan saved at 4:46:58 PM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\PopUp Jammer\addtolist.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by gandcsundvik, 02 January 2005 - 09:54 PM.




#2 Buckeye_Sam

    Malware Expert

Posted 02 January 2005 - 05:10 PM

I'm looking at your log now. I am also closing the other two threads that you started with this same log. Please keep all posts to this thread unless you have multiple computers.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

    Malware Expert

Posted 02 January 2005 - 05:38 PM

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1\POPUPJ~1.DLL
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...585d7b34e81015d
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\system32\msbe.dll
C:\WINDOWS\zeta.exe


Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Viewpoint Manager
Viewpoint Media Player
Advanced Searchbar
Wild Tangent


Please delete these folders using Windows Explorer (if present):

C:\Program Files\Viewpoint
C:\PROGRA~1\SEARCH~1
C:\PROGRA~1\ADVANC~1



Reboot your computer to go back to normal mode and post a new log.

#4 gandcsundvik

  • Topic Starter

Posted 08 January 2005 - 01:13 PM

I sent my HJT logfile in and followed instructions and my Application Error 0xc000142 went away (thanks so much) but I keep getting error messages from my PC Mighty Max :thumbsup: ..I posted the registry file errors and missing shortcuts from PC Mighty Max along with my current log file. I am running Nortons, Adaware, and Spybot, and Trojan Horse also. Thank you so much in advance :flowers:




Logfile, December 8th, 2005

Logfile of HijackThis v1.99.0
Scan saved at 11:08:48 AM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Advanced Searchbar\PopUp Jammer\Jammer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\PopUp Jammer\addtolist.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


PC Mighty Max Run:


1. C:\WINDOWS\SYSTEM32\blank.htm (Invalid Registry Path)
2. C:\Documents and Settings\Gary Sundvik\Application Data\Microsoft\Outlook\outitems.log (Invalid Registry Path)
3. C:\Documents and Settings\Gary Sundvik\Application Data\Microsoft\Outlook\offitems.log (Invalid Registry Path)
4. C:\Documents and Settings\Mike Sundvik\Local Settings\History\History.IE5\MSHist012004122720050103\ (Invalid Registry Path)
5. C:\WINDOWS\SYSTEM32\blank.htm (Invalid Registry Path)
6. C:\Documents and Settings\Gary Sundvik\Application Data\Microsoft\Outlook\outitems.log (Invalid Registry Path)
7. C:\Documents and Settings\Gary Sundvik\Application Data\Microsoft\Outlook\offitems.log (Invalid Registry Path)
8. C:\Documents and Settings\Mike Sundvik\Local Settings\History\History.IE5\MSHist012004122720050103\ (Invalid Registry Path)
9. C:\Program Files\Common Files\aolshare\sounds\US\Default\alert.wav (Invalid Registry Path)
10. C:\Program Files\Common Files\aolshare\sounds\US\Default\buddyin.wav (Invalid Registry Path)
11. C:\Program Files\Common Files\aolshare\sounds\US\Default\buddyout.wav (Invalid Registry Path)
12. C:\Program Files\Common Files\aolshare\sounds\US\Default\drop.wav (Invalid Registry Path)
13. C:\Program Files\Common Files\aolshare\sounds\US\Default\filedone.wav (Invalid Registry Path)
14. C:\Program Files\Common Files\aolshare\sounds\US\Default\goodbye.wav (Invalid Registry Path)
15. C:\Program Files\Common Files\aolshare\sounds\US\Default\im.wav (Invalid Registry Path)
16. C:\Program Files\Common Files\aolshare\sounds\US\Default\inactive.wav (Invalid Registry Path)
17. C:\Program Files\Common Files\aolshare\sounds\US\Default\moremail.wav (Invalid Registry Path)
18. C:\Program Files\Common Files\aolshare\sounds\US\Default\phonecall.wav (Invalid Registry Path)
19. C:\Program Files\Common Files\aolshare\sounds\US\Default\urgent.wav (Invalid Registry Path)
20. C:\Program Files\Common Files\aolshare\sounds\US\Default\welcome.wav (Invalid Registry Path)
21. C:\Program Files\Common Files\aolshare\sounds\US\Default\gotpics.wav (Invalid Registry Path)
22. C:\Program Files\Common Files\aolshare\sounds\US\Default\ygvm.wav (Invalid Registry Path)
23. C:\Program Files\Common Files\aolshare\sounds\US\Default\gotmail.wav (Invalid Registry Path)
24. C:\Documents and Settings\LiL\Application Data\Aim\ihartumoshi\urlcache\aim13.tmp (Invalid Registry Path)
25. C:\Documents and Settings\LiL\Application Data\Aim\seelivelovedie\urlcache\aim5A.tmp (Invalid Registry Path)
26. C:\Documents and Settings\Owner\My Documents\My eBooks (Invalid Registry Path)
27. C:\Documents and Settings\Owner\Application Data\InterTrust\ReceiptRepository (Invalid Registry Path)
28. C:\WINDOWS\System32\blank.htm (Invalid Registry Path)
29. C:\Program Files\Advanced Searchbar\PopUp Jammer\delfromlist.js (Invalid Registry Path)
30. C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk (Invalid Registry Path)
31. C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk (Invalid Registry Path)
32. C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk (Invalid Registry Path)
33. C:\DOCUME~1\Owner\LOCALS~1\Temp\setb0.tmp (Invalid Registry Path)
34. C:\DOCUME~1\Owner\LOCALS~1\Temp\setb1.tmp (Invalid Registry Path)
35. C:\Documents and Settings\LiL\My Documents\My Pictures\Kodak Pictures\2004-07-31\100_0115.JPG (Invalid Registry Path)
36. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\kaleb (Invalid Registry Path)
37. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\fgh (Invalid Registry Path)
38. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\fghgfhgfhfg (Invalid Registry Path)
39. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\fghgfhgfhfg (Invalid Registry Path)
40. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\kaleb (Invalid Registry Path)
41. C:\Documents and Settings\LiL\My Documents\My Pictures\friends!\fgh (Invalid Registry Path)
42. C:\Documents and Settings\LiL\Desktop\cd_blink_182.exe (Invalid Registry Path)
43. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004121320041220\ (Invalid Registry Path)
44. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004122020041227\ (Invalid Registry Path)
45. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004122720041228\ (Invalid Registry Path)
46. C:\Documents and Settings\Mike Sundvik\Local Settings\History\History.IE5\MSHist012004122720050103\ (Invalid Registry Path)
47. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004122820041229\ (Invalid Registry Path)
48. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004122920041230\ (Invalid Registry Path)
49. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004123020041231\ (Invalid Registry Path)
50. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012004123120050101\ (Invalid Registry Path)
51. C:\Documents and Settings\Gary Sundvik\Local Settings\History\History.IE5\MSHist012005010120050102\ (Invalid Registry Path)
52. C:\Documents and Settings\Mike Sundvik\Local Settings\History\History.IE5\MSHist012005010320050104\ (Invalid Registry Path)
53. C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Invalid Registry Path)
54. C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe (Invalid Registry Path)
55. C:\Program Files\Windows ControlAd\WinCtlAd.exe (Invalid Registry Path)
56. C:\Program Files\Common Files\GMT\GMT.exe (Invalid Registry Path)
57. C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Invalid Registry Path)
58. C:\Program Files\WindUpdates\WinUpdt.exe (Invalid Registry Path)
59. C:\Program Files\WindowsSA\omniscient.exe (Invalid Registry Path)
60. C:\Program Files\Web_Rebates\WebRebates0.exe (Invalid Registry Path)
61. C:\WINDOWS\System32\muqhumw.exe (Invalid Registry Path)
62. C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Invalid Registry Path)
63. C:\Program Files\Common Files\CMEII\CMESys.exe (Invalid Registry Path)
64. C:\Program Files\WebSecureAlert\WebSecureAlert.exe (Invalid Registry Path)
65. C:\WINDOWS\wupdt.exe (Invalid Registry Path)
66. C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe (Invalid Registry Path)
67. C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe (Invalid Registry Path)
68. C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vet32.exe (Invalid Registry Path)
69. C:\WINDOWS\system32\loadwin.exe (Invalid Registry Path)
70. C:\Program Files\Windows AdControl\WinAdCtl.exe (Invalid Registry Path)
71. C:\Program Files\BullsEye Network\bin\bargains.exe (Invalid Registry Path)
72. C:\Documents and Settings\LiL\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML (Invalid Registry Path)
73. C:\Documents and Settings\LiL\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSR.XML (Invalid Registry Path)
74. C:\Program Files\ICQ\Help\NetDetect.hlp (Invalid Registry Path)
75. C:\Program Files\ICQ\DB (Invalid Registry Path)
76. C:\Program Files\ICQ\NewDb (Invalid Registry Path)
77. C:\Program Files\ICQ\2000a (Invalid Registry Path)
78. C:\Program Files\ICQ\2000b (Invalid Registry Path)
79. C:\Program Files\ICQ\2001a (Invalid Registry Path)
80. C:\Program Files\ICQ\Help\DBConver.hlp (Invalid Registry Path)
81. C:\Program Files\ICQ\Help\ICQ.hlp (Invalid Registry Path)
82. C:\Program Files\ICQ\Help\ChatHlp.hlp (Invalid Registry Path)
83. C:\Program Files\ICQ\Bitmaps\Chat\Smiley14.bmp (Invalid Registry Path)
84. C:\Program Files\ICQ\Bitmaps\Chat\Smiley15.bmp (Invalid Registry Path)
85. C:\Program Files\ICQ\Bitmaps\Chat\Smiley16.bmp (Invalid Registry Path)
86. C:\Program Files\ICQ\Bitmaps\Chat\Smiley17.bmp (Invalid Registry Path)
87. C:\Program Files\ICQ\Sounds\ChatBeep.wav (Invalid Registry Path)
88. C:\Program Files\ICQ\Sounds\ChatEmote.wav (Invalid Registry Path)
89. C:\Program Files\ICQ\Sounds\ChatAction.wav (Invalid Registry Path)
90. C:\Program Files\ICQ\Sounds\External.wav (Invalid Registry Path)
91. C:\Program Files\ICQ\Sounds\Picture.wav (Invalid Registry Path)
92. C:\Program Files\ICQ\Sounds\Reminder.wav (Invalid Registry Path)
93. C:\Program Files\ICQ\Sounds\ChatLOL.wav (Invalid Registry Path)
94. C:\Program Files\Net2Phone\Net2fone.exe (Invalid Registry Path)
95. C:\Documents And Settings\LiL\P2P Networking\Cache (Invalid Registry Path)
96. C:\Documents And Settings\LiL\P2P Networking\Cache\Database\ (Invalid Registry Path)
97. C:\WINDOWS\System32\P2P Networking\P2P Networking.exe (Invalid Registry Path)
98. C:\Documents and Settings\Owner\Application Data\Roxio\PlayList\ (Invalid Registry Path)
99. C:\Documents and Settings\Owner\Application Data\Roxio\Data\MediaDB.rxd (Invalid Registry Path)
100. C:\Documents and Settings\Owner\My Documents\My Music (Invalid Registry Path)
101. C:\WINDOWS\SYSTEM32\blank.htm (Invalid Registry Path)
102. Shortcut 'C:\Documents and Settings\Gary Sundvik\Recent\alibris[1].htm.lnk' linked to missing file 'C:\Documents and Settings\Cindy Sundvik\Local Settings\Temporary Internet Files\Content.IE5\1R5OVQJ4\alibris[1].htm' (Invalid Shortcut)
103. Shortcut 'C:\Documents and Settings\Gary Sundvik\Recent\Statistics.ini.lnk' linked to missing file 'C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini' (Invalid Shortcut)
104. Shortcut 'C:\Documents and Settings\LiL\Recent\Cotton Gin Hurt.lnk' linked to missing file 'C:\Documents and Settings\Gary Sundvik\My Documents\Cotton Gin Hurt.doc' (Invalid Shortcut)
105. Shortcut 'C:\Documents and Settings\LiL\Recent\Lilly Sundvik.lnk' linked to missing file 'C:\Documents and Settings\Gary Sundvik\My Documents\Lilly Sundvik.doc' (Invalid Shortcut)
106. Shortcut 'C:\Documents and Settings\LiL\Recent\tmdg.lnk' linked to missing file 'C:\Documents and Settings\Gary Sundvik\My Documents\tmdg.wps' (Invalid Shortcut)
107. Shortcut 'C:\Documents and Settings\LiL\Recent\us.lnk' linked to missing file 'C:\Documents and Settings\Gary Sundvik\My Documents\My Pictures\us.bmp' (Invalid Shortcut)
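
Added example (not part of any post in this thread, and not HijackThis's own code): a Python check of whether a follow-up log still contains fix-list entries or still references paths that were to be deleted, run on lines excerpted from posts #1, #3 and #4. The function names are invented for this sketch, and the 8.3 short-name match is a heuristic.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")    # e.g. "O2 - BHO: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")                # first drive path to end of line
SHORT_RE = re.compile(r"([^~]{1,6})~\d(\.\w{0,3})?")  # 8.3 alias such as ADVANC~1

class Entry(NamedTuple):
    code: str             # section code: R1, O2, O23, ...
    body: str             # text after "CODE - "
    clsid: Optional[str]  # upper-cased CLSID; identifies a BHO/toolbar even if its path differs
    @property
    def key(self) -> Tuple[str, str]:
        return (self.code, self.clsid or self.body.lower())

def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a HijackThis log into running-process paths and entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            clsid = CLSID_RE.search(match.group(2))
            entries.append(Entry(match.group(1), match.group(2),
                                 clsid.group(0).upper() if clsid else None))
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
    return processes, entries

def same_component(a: str, b: str) -> bool:
    """Case-insensitive compare that also accepts an 8.3 alias of a long name.
    Heuristic: the alias keeps the first six characters, spaces removed."""
    a, b = a.lower(), b.lower()
    for short, long_name in ((a, b), (b, a)):
        alias = SHORT_RE.fullmatch(short)
        if alias and "~" not in long_name and \
                long_name.replace(" ", "").startswith(alias.group(1)):
            return True
    return a == b

def under(line: str, target: str) -> bool:
    """True if the path found in `line` is `target` or lies beneath it."""
    found = PATH_RE.search(line)
    if not found:
        return False
    path = found.group(0).replace(" (file missing)", "").split("\\")
    want = target.rstrip("\\").split("\\")
    return len(path) >= len(want) and all(map(same_component, path, want))

def audit(fix_list: str, followup: str, targets: List[str]):
    """Return (fix-list entries still logged, log lines still using a target)."""
    _, wanted = parse_log(fix_list)
    processes, entries = parse_log(followup)
    logged = {e.key for e in entries}
    survivors = [e for e in wanted if e.key in logged]
    lines = processes + [f"{e.code} - {e.body}" for e in entries]
    leftovers = [ln for ln in lines if any(under(ln, t) for t in targets)]
    return survivors, leftovers

# Excerpted from the fix list in post #3.
FIX_LIST = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
"""
# Files and folders post #3 asks to delete.
TARGETS = [r"C:\WINDOWS\system32\msbe.dll", r"C:\WINDOWS\zeta.exe",
           r"C:\Program Files\Viewpoint", r"C:\PROGRA~1\SEARCH~1",
           r"C:\PROGRA~1\ADVANC~1"]
# Lines that appear in both the 1/2/2005 and 1/8/2005 logs (posts #1 and #4).
COMMON = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\PopUp Jammer\addtolist.js
"""
LOG_JAN2 = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
""" + COMMON
LOG_JAN8 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Advanced Searchbar\PopUp Jammer\Jammer.exe
""" + COMMON

if __name__ == "__main__":
    for name, log in (("1/2/2005", LOG_JAN2), ("1/8/2005", LOG_JAN8)):
        survivors, leftovers = audit(FIX_LIST, log, TARGETS)
        print(name, [e.body for e in survivors], *leftovers, sep="\n  ")
```

Matching on section code plus CLSID catches an entry whose file is already gone, and the path check also covers running processes and O8 context-menu items that were never on the fix list.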

#5 Daisuke

    Cleaner on Duty

Posted 10 January 2005 - 05:07 AM

gandcsundvik

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

I merged your topics and Buckeye_Sam will help you when he is available.
Everyday is virus day. Do you know where your recovery CDs are?
Did you create them yet?

#6 Buckeye_Sam

    Malware Expert

Posted 10 January 2005 - 04:50 PM

Download, run, and configure Adaware

Download Ad-aware SE from: http://www.majorgeeks.com/download506.html

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.


Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:

* Automatically save log-file
* Automatically quarantine objects prior to removal
* Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:

* Scan Within Archives
* Scan Active Processes
* Scan Registry
* Deep Scan Registry
* Scan my IE favorites for banned URL’s
* Scan my Hosts file
* Under Click here to select drives + folders, choose:
    o All of your hard drives

Click on the Advanced button on the left and select:

* Include additional process information
* Include additional file information
* Include environment information

Click the Tweak button and select:

* Under the Scanning Engine:
    o Unload recognized processes & modules during scan
    o Include additional Ad-aware settings in logfile
* Under the Cleaning Engine:
    o Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

* Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.




Please post a new HijackThis log by clicking the ADD REPLY button on this page.



