Same virus keeps on popping up.


gahh

I posted a topic on this before, but then I lost track of it. So I'm starting a new topic.

Ok, I keep on getting this message from Norton saying there is a virus called Spyware.Quicksearch. I searched their website for the virus and did what they told me to do to remove the virus. But the message still pops up. So I scanned my comp with Spybot S&D, Adaware SE Personal and Norton Antivirus. I quarantined and removed all viruses and rebooted my comp. Soon after, I still keep on getting the message. I ran a HijackThis log and saved it but it saved as a document so I don't know how to post it here.

Please Help!!


It most likely was still running during removal and replaced itself.

Reboot your computer and hold F8 before the Windows loading screen appears. Select one of the safe mode options from the list that appears (any will do), log into the admin account that will be displayed and run your virus and spyware scans from there. It should be able to completely remove it now.

To post the hijackthis log just copy and paste the text from the log into your forum post. Putting it in

tags is a good idea.

Ok, thanks. I'll try that after this post.

Here's the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:47:46 PM, on 5/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\HijackThis\HiJackThis V2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Administrator Kevin
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [boss Key] C:\Program Files\Boss Key\bosskey.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [speedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.exe -s
O4 - HKCU\..\Run: [CTFMON.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.exe] C:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.exe] C:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.exe] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.exe] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12976 bytes


Hi, can you do a scan with HijackThis 1.99.1 please?

Then someone (or I) will tell you what you need to fix.

Notice the HJT 2 is still in BETA and BETA software usually has bugs which could break your computer.

It's beta because it's not officially supported by the new owners of the software yet. It actually includes lots of fixes and updates to the 1.99.1 version.


Did you fix everything in the registry that the Symantec site said to?

Yes, but I couldn't find most of the things in the registry.

And I will try to get HijackThis 1.99.1.


Ok, here is HijackThis log version 1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 9:22:22 AM, on 6/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Administrator Kevin
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [boss Key] C:\Program Files\Boss Key\bosskey.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [speedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.exe -s
O4 - HKCU\..\Run: [CTFMON.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe


Hello again,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

====
Step 1
====

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

Re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)

O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

====
Step 2
====

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Show hidden files and folders

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading SELECT Show hidden files and folders.
* UNCHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\iexpress.dll

Re-hide hidden files and folders

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

After that, Reboot and post a new HJT log.

======================

There are things which I am not 100% sure about - that's why I want to see the uninstall list before I fix any more stuff.


Thanks. Here's the Uninstall_list

ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AppCore
Ask Toolbar
ATI - Software Uninstall Utility
ATI Display Driver
AV
BitComet 0.67
BitTorrent 5.0.7
Boredaussie Automatic Installer
ccCommon
ClearType Tuning Control Panel Applet
Component Framework
Conflict Desert Storm II
Connection Keep Alive
Deus Ex
Download Accelerator Plus (DAP)
DRIV3R
DVD Decrypter (Remove Only)
eMule VeryCDÃÆââ¬Å¡ÃâðÃÆÃâÃâæ
Google Earth
Google Toolbar for Internet Explorer
Heroes of Might and Magic V
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
IExpress
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
K-Lite Mega Codec Pack 1.52
Lexmark 4300 Series
Lexmark Fax Solutions
LimeWire 4.12.6
LiveUpdate 3.1 (Symantec Corporation)
Mailinfo for Outlook
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Logo
Midnight Club II
Mozilla Firefox (2.0.0.2)
Mozilla Firefox (2.0.0.3)
MSRedist
My DSC
Nero 7 Ultra Edition
Nero OEM
Nero Suite
New Media Codec v3.2
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Cleanup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton Utilities
PerfectDisk
PowerDVD
RegistryFix v5.5
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Soldier of Fortune II - Double Helix GOLD
Sound Blaster Live! Web 2K/XP
SPBBC 32bit
SpeedBit Video Accelerator
SpeedOptimizer
Spybot - Search & Destroy 1.4
Symantec
SymNet
System Requirements Lab
TVAnts 1.0
Tweak UI
Update for Windows Internet Explorer 7 Beta 3 (KB922880)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
USB-703 Vibration Joystick
Winamp (remove only)
Windows Desktop Search
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Beta 3
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
WordWeb

And here's the new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:58:55 AM, on 7/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\SYSTEM32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: Executable File]
C:\WINDOWS\SYSTEM32\Ati2evxx[Caution: Executable File]
C:\WINDOWS\system32\ctfmon[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: Executable File]
C:\WINDOWS\system32\inetsrv\inetinfo[Caution: Executable File]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: Executable File]
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT[Caution: Executable File]
C:\Program Files\Raxco\PerfectDisk\PDEngine[Caution: Executable File]
C:\Program Files\CyberLink\Shared files\RichVideo[Caution: Executable File]
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine[Caution: Executable File]
C:\WINDOWS\system32\SearchIndexer[Caution: Executable File]
C:\Program Files\DAEMON Tools\daemon[Caution: Executable File]
C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: Executable File]
C:\Program Files\Java\jre1.5.0_11\bin\jusched[Caution: Executable File]
C:\Program Files\DAP\DAP[Caution: Executable File]
C:\Program Files\Lexmark 4300 Series\lxcemon[Caution: Executable File]
C:\Program Files\Lexmark 4300 Series\ezprint[Caution: Executable File]
C:\WINDOWS\system32\lxcecoms[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]
C:\WINDOWS\system32\wuauclt[Caution: Executable File]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: Executable File]
C:\WINDOWS\system32\rundll32[Caution: Executable File]
C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier[Caution: Executable File]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor[Caution: Executable File]
C:\Program Files\Messenger\msmsgs[Caution: Executable File]
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl[Caution: Executable File]
C:\Program Files\WinZip\WZQKPICK[Caution: Executable File]
C:\Program Files\WordWeb\wweb32[Caution: Executable File]
C:\Program Files\MSN Messenger\usnsvc[Caution: Executable File]
C:\Program Files\HijackThis\HijackThis[Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Administrator Kevin
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG[Caution: Executable File]" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon[Caution: Executable File]" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: Executable File]"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language[Caution: Executable File]"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched[Caution: Executable File]"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER[Caution: Executable File]
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg[Caution: Executable File]
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet[Caution: Executable File]"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP[Caution: Executable File]" /STARTUP
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon[Caution: Executable File]] "C:\Program Files\Lexmark 4300 Series\lxcemon[Caution: Executable File]"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint[Caution: Executable File]"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032[Caution: Executable File]" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck[Caution: Executable File]"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: Executable File]"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [boss Key] C:\Program Files\Boss Key\bosskey[Caution: Executable File]
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [speedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO[Caution: Executable File] -s
O4 - HKCU\..\Run: [CTFMON[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File]" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier[Caution: Executable File]
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor[Caution: Executable File]"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah[Caution: Executable File]
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32[Caution: Executable File]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl[Caution: Executable File]
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync[Caution: Executable File]
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK[Caution: Executable File]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: Executable File]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag[Caution: Executable File]
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: Executable File]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: Executable File]" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: Executable File]" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: Executable File]" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc[Caution: Executable File]
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1[Caution: Executable File]
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms[Caution: Executable File]
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT[Caution: Executable File]
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine[Caution: Executable File]
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched[Caution: Executable File]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12[Caution: Executable File]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo[Caution: Executable File]
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB[Caution: Executable File]
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: Executable File]
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: Executable File]
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine[Caution: Executable File]

By the way, I noticed that

R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)

was still in the HijackThis log. I clicked on fix checked. The other one went away but when I clicked fix checked, the log disappeared.

Oh yeah. I don't think it worked though. I just got the message from Norton again about the virus.

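The comparison made by eye in the post above (an entry ticked for Fix Checked that shows up again in the next scan) can be scripted. This is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, and the sample lines are excerpts from the fix list and the follow-up log posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <details>", e.g.
#   O2 - BHO: name - {CLSID} - C:\path\file.dll
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt: the two entries the helper asked to have fixed.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll
"""

# Excerpt: lines from the log posted after the fix and reboot.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:58:55 AM, on 7/04/2007
Running processes:
C:\WINDOWS\Explorer[Caution: Executable File]
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: Executable File]" /h ccCommon (file missing)
"""


def parse_log(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forum pastes add
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "body": body,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def entry_key(entry):
    """Identify an entry by section + CLSID, or by normalised text if it has none."""
    ident = entry["clsid"] or " ".join(entry["body"].split()).casefold()
    return (entry["section"], ident)


def verify_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries still present and entries gone."""
    after = {entry_key(e) for e in parse_log(followup_log_text)}
    survived, removed = [], []
    for entry in parse_log(fix_list_text):
        (survived if entry_key(entry) in after else removed).append(entry)
    return survived, removed


def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_log(log_text) if e["orphaned"]]


if __name__ == "__main__":
    survived, removed = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for e in survived:
        print("STILL PRESENT:", e["section"], "-", e["body"])
    for e in removed:
        print("REMOVED:      ", e["section"], "-", e["body"])
    for e in orphaned_entries(FOLLOWUP_LOG):
        print("ORPHANED:     ", e["section"], "-", e["body"])
```

A surviving entry only shows that the registry value is present in the later scan; it does not say what wrote it back or whether the fix was applied at all.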

Is there anything from the Add/Remove programs that you do not remember installing?

I can't see anything related to quicksearch from your logs....

Do this for now.. see if AVGAS finds quicksearch...

Download AVG Anti-Spyware from HERE and save that file to your desktop.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.

Once the scan is complete do the following:

5. If you have any infections you will be prompted, then select "Apply all actions"
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Ummm... Well this computer is second hand so I don't know some of the programs as they were already there. I will download AVG and scan after this post.


Ummm... Which version are you talking about with the AVG antivirus? Because the link wouldn't work so I Googled it and I downloaded version 7.5 which doesn't have the 'Scanner' icon at the top.


Tip.it censored my link.

I am not talking about AVG antivirus I'm talking about AVG antispyware.

http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50[Caution: Executable File]

Click on the link and at the address bar replace %5BCaution:%20ExecutableFile%5D with [Caution: Executable File]

Uninstall AVG antivirus.

Do you have a Windows XP disk? If you have IMO it would be better backing up your data and reformatting (it should be quicker than me trying to clean up your computer IMO).

Tell me if you want to try and fix it or to reformat it. If you choose to try and fix it then continue with my previous instructions with AVG antispyware.


Ok, I'm downloading AVG Antispyware. I have a Windows XP CD but it is a fake copy so some programs like Windows Media Player 11 won't work as it tries to verify if your copy of Windows is genuine. So I want to fix it and not reformat. I know how to reformat BTW.


Here is the report that AVG saved after the scan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:04:37 AM 10/04/2007

+ Scan result:

:mozilla.6:C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Vip\Cookies\[email protected][1].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.7:C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.35:C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end


Yes, my Norton Antivirus is up to date. I Liveupdate quite often. I am downloading Counterspy now. So, the same procedure? I update if I have to and scan it in safe mode?


Sorry I haven't posted the thing yet. The computer crashed a few days ago. It restarted once you logged in. It is working now so I am scanning and it seems to have a lot of viruses. After the scans I will probably be able to post the log.


Ummm... I'm not sure if I can trust CounterSpy. Because I'm not sure how the viruses came in if it wasn't from downloading, but the only things I downloaded recently were the programs you told me to download. I'm not blaming anyone here, I'm just asking, can CounterSpy be trusted? Or maybe the download link was changed so a virus would come in. Please tell me if I can trust CounterSpy.


I've checked all the links - they're all legit to me :S... None of them has been changed. Have you been to any dodgy sites? (I'm mainly talking about ones which install crap on your PC without you noticing.)

Mainly talking about hxxp://verycd.265.com/. It's related to a few crap-infested sites (looking at YOK here).

Another question... Did you set your homepage to hxxp://verycd.265.com?

The link to CounterSpy is from download.com and the program is made by Sunbelt Software - one of the best companies in the antimalware business ATM... It's a 15 day trial though.

Do you have the log from whichever scanner that detected your malware? That would help...

Also, which scanner did you use?
