hmm


Post by eric3926 on 15th March 2009, 2:08 pm

I don't know if there is something there, but it seems like there is. If you can see something, ty in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:03 AM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1172830934\EE\AOLDesktop.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_SH~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_TA~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\IH8KUKEM\HTH_BA~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_OU~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\O6MGPWDW\HTH_ST~1.SH!
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 2.8; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://mplayer19.slingo.com/client/shockscreen8.asp?shost=mplayer19.slingo.com&sport=15013&susername=eric3926&spassword=eeicky&sroomname=Bishop%20Chads%20Room&sgameskin=bishops1&gameid=100"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Bingo Luau by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Blackjack by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Dice City Roller by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Dice Derby by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Euchre by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Greenback Bayou by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Jungle Gin by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Lottso by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Mah Jong Garden by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Phlinx by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Quick Quack by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Shuffle Bump by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Texas Hold'em Poker by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Thousand Island Solitaire by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Turbo 21 v2 by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Word Craft by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Word Whomp Whackdown by pogo - [You must be registered and logged in to see this link.]
O16 - DPF: Yahoo! Pool 2 - [You must be registered and logged in to see this link.]
O16 - DPF: Yahoo! Tic-Tac-Toe - [You must be registered and logged in to see this link.]
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

eric3926
Beginner

Posts: 4
Joined: 2009-03-15
OS: windows xp
Points: 28250
Likes: 0


Re: hmm

Post by Belahzur on 15th March 2009, 3:14 pm

Hello.

I strongly recommend you to remove Ask from your computer because it's:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • AskBarDis

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: hmm

Post by eric3926 on 15th March 2009, 4:10 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 11:07:43.29 on Sun 03/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1394 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\AOL\1172830934\EE\AOLDesktop.exe
C:\WINDOWS\Explorer.EXE
C:\program files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FWFCGKEF\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: []
uRunOnce: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_sh~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_ta~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\ih8kukem\hth_ba~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_ou~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\o6mgpwdw\HTH_ST~1.SH!
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 2.8; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://mplayer19.slingo.com/client/shockscreen8.asp?shost=mplayer19.slingo.com&sport=15013&susername=eric3926&spassword=eeicky&sroomname=Bishop%20Chads%20Room&sgameskin=bishops1&gameid=100"
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [HostManager] c:\program files\common files\aol\1172830934\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\autoru~1\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Addiction by pogo - [You must be registered and logged in to see this link.]
DPF: Bingo Luau by pogo - [You must be registered and logged in to see this link.]
DPF: Blackjack by pogo - [You must be registered and logged in to see this link.]
DPF: Dice City Roller by pogo - [You must be registered and logged in to see this link.]
DPF: Dice Derby by pogo - [You must be registered and logged in to see this link.]
DPF: Euchre by pogo - [You must be registered and logged in to see this link.]
DPF: Greenback Bayou by pogo - [You must be registered and logged in to see this link.]
DPF: Jungle Gin by pogo - [You must be registered and logged in to see this link.]
DPF: Lottso by pogo - [You must be registered and logged in to see this link.]
DPF: Mah Jong Garden by pogo - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Phlinx by pogo - [You must be registered and logged in to see this link.]
DPF: Quick Quack by pogo - [You must be registered and logged in to see this link.]
DPF: Shuffle Bump by pogo - [You must be registered and logged in to see this link.]
DPF: Texas Hold'em Poker by pogo - [You must be registered and logged in to see this link.]
DPF: Thousand Island Solitaire by pogo - [You must be registered and logged in to see this link.]
DPF: Turbo 21 v2 by pogo - [You must be registered and logged in to see this link.]
DPF: Word Craft by pogo - [You must be registered and logged in to see this link.]
DPF: Word Whomp Whackdown by pogo - [You must be registered and logged in to see this link.]
DPF: Yahoo! Pool 2 - [You must be registered and logged in to see this link.]
DPF: Yahoo! Tic-Tac-Toe - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-1 201320]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-1 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-1-1 144704]
R3 MauiIIIG;Emuzed Maui III-G Device;c:\windows\system32\drivers\MauiIIIG.sys [2007-3-1 175232]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-1-1 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-1 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-1 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-1 40488]
S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-1 33832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]

=============== Created Last 30 ================

2009-03-15 09:29 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-06 23:01 2,839,290 a------- c:\windows\system32\GameMon.des

==================== Find3M ====================

2009-03-15 09:17 47,360 ac------ c:\docume~1\admini~1\applic~1\pcouffin.sys
2009-03-15 09:17 87,608 a------- c:\docume~1\admini~1\applic~1\inst.exe
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-04 17:15 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-04 02:27 3,488,768 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 00:57 11,702,272 a------- c:\windows\system32\atioglxx.dll
2009-02-04 00:03 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-03 23:56 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-03 23:55 324,096 a------- c:\windows\system32\ati2dvag.dll
2009-02-03 23:44 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-02-03 23:44 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-03 23:43 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-03 23:43 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-03 23:43 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-03 23:41 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-03 23:40 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-03 23:30 3,884,768 a------- c:\windows\system32\ati3duag.dll
2009-02-03 23:14 2,645,504 a------- c:\windows\system32\ativvaxx.dll
2009-02-03 23:13 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-03 23:13 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-03 22:58 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-03 22:54 471,040 a------- c:\windows\system32\atikvmag.dll
2009-02-03 22:53 122,880 a------- c:\windows\system32\atiadlxx.dll
2009-02-03 22:52 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-03 22:52 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-03 22:46 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-03 22:44 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-03 21:43 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-03 21:42 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-03 21:40 3,244,032 a------- c:\windows\system32\aticaldd.dll
2009-01-30 21:37 2,592 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-07-07 17:51 59,839,784 ac------ c:\program files\iTunesSetup.exe
2008-06-29 12:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062920080630\index.dat


Re: hmm

Post by Belahzur on 15th March 2009, 4:15 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Please download the OTMoveIt3 by OldTimer from here:
Code:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    npggsvc
    cpuz129
    Viewpoint Manager Service

    :files
    c:\windows\system32\gamemon.des
    c:\windows\system32\gamemon.des.exe
    c:\program files\viewpoint

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoViewOnDrive"=-

    :commands
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: hmm

Post by eric3926 on 15th March 2009, 4:39 pm

========== SERVICES/DRIVERS ==========
Service npggsvc stopped successfully.
Service npggsvc deleted successfully.
Service cpuz129 stopped successfully.
Service cpuz129 deleted successfully.
Unable to stop service Viewpoint Manager Service .
========== FILES ==========
c:\windows\system32\GameMon.des moved successfully.
File/Folder c:\windows\system32\gamemon.des.exe not found.
c:\program files\Viewpoint\Viewpoint Toolbar\del9B.tmp moved successfully.
c:\program files\Viewpoint\Viewpoint Toolbar moved successfully.
c:\program files\Viewpoint\Common moved successfully.
c:\program files\Viewpoint moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CMLS--2009-03-15--10-35-00.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_nuoo1JfifWG5v3D scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_a8HLLq7xV1qw5GT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_bQ71uiyaKMLw5PO scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Qv9pqUH5euEOU4q scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_rSoqUcWm3XOl0LN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZyWSwVZtmXTnsvn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_112943

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CMLS--2009-03-15--10-35-00.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_nuoo1JfifWG5v3D not found!
File C:\WINDOWS\temp\mcmsc_a8HLLq7xV1qw5GT not found!
File C:\WINDOWS\temp\mcmsc_bQ71uiyaKMLw5PO not found!
File C:\WINDOWS\temp\mcmsc_Qv9pqUH5euEOU4q not found!
File C:\WINDOWS\temp\mcmsc_rSoqUcWm3XOl0LN not found!
File C:\WINDOWS\temp\mcmsc_ZyWSwVZtmXTnsvn not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat not found!
File C:\WINDOWS\temp\WFV5.tmp not found!

eric3926
Beginner

Posts: 4
Joined: 2009-03-15
OS: windows xp
Points: 28250
Likes: 0

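One way to check the OTMoveIt3 results above for unfinished items, as an added example that is not part of the original post or of OTMoveIt3: it pairs each "scheduled to be deleted on reboot" line with its outcome under "Files moved on Reboot..." and lists services that could not be stopped. The function names and the sample log (constructed in the log's line format with placeholder names) are assumptions.

```python
import re

# Constructed sample in the line format of the log above; the service name
# and paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Unable to stop service Example Helper Service .
========== FILES ==========
c:\example\a.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\example\temp\one.log scheduled to be deleted on reboot.
File delete failed. C:\example\temp\two.dat scheduled to be deleted on reboot.
File delete failed. C:\example\temp\three.tmp scheduled to be deleted on reboot.

Files moved on Reboot...
C:\example\temp\one.log moved successfully.
File move failed. C:\example\temp\two.dat scheduled to be moved on reboot.
File C:\example\temp\three.tmp not found!
"""

SCHEDULED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")
SVC_STUCK = re.compile(r"^Unable to stop service (.+?)\s*\.$")
# Outcomes reported in the post-reboot section, checked in this order.
REBOOT_OUTCOMES = (
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "still pending"),
    (re.compile(r"^File (.+) not found!$"), "not found at reboot"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
)

def reconcile(log_text):
    """Return ({scheduled path: outcome}, [services that could not be stopped])."""
    first_pass, _, reboot_pass = log_text.partition("Files moved on Reboot...")
    status, stuck = {}, []
    for line in map(str.strip, first_pass.splitlines()):
        if m := SCHEDULED.match(line):
            status[m.group(1).lower()] = "no reboot result"  # until proven otherwise
        elif m := SVC_STUCK.match(line):
            stuck.append(m.group(1))
    for line in map(str.strip, reboot_pass.splitlines()):
        for pattern, outcome in REBOOT_OUTCOMES:
            m = pattern.match(line)
            if m and m.group(1).lower() in status:  # Windows paths: case-insensitive
                status[m.group(1).lower()] = outcome
                break
    return status, stuck

def follow_up(log_text):
    """Items that still need attention after the reboot pass."""
    status, stuck = reconcile(log_text)
    unresolved = ("still pending", "no reboot result")
    return sorted(p for p, s in status.items() if s in unresolved), stuck

if __name__ == "__main__":
    print(follow_up(SAMPLE_LOG))
```

A log with no "Files moved on Reboot..." section reports every scheduled file as "no reboot result", which is the cue to reboot and collect the log again.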

Re: hmm

Post by Belahzur on 15th March 2009, 4:42 pm

Hello.
How's the machine now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: hmm

Post by eric3926 on 15th March 2009, 4:50 pm

Better than it was. Thank you.


Re: hmm

Post by Belahzur on 15th March 2009, 4:54 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


Please PM me if I fail to respond within 24hrs.

