whitie

Hijack This Log

38 posts in this topic

i did the scan with the latest up-to-date adaware but still get missing file 'C:\WINDOWS.1\system32\rundll32.exe'. i got a log for hijack this but need a look into it

Logfile of Trend Micro HijackThis

 

v2.0.2

Scan saved at 2:26:36 PM, on

 

03/09/2007

Platform: Windows XP SP2 (WinNT

 

5.01.2600)

MSIE: Internet Explorer v7.00

 

(7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.1\System32\smss.exe

C:\WINDOWS.1\system32\winlogon.exe

C:\WINDOWS.1\system32\services.exe

C:\WINDOWS.1\system32\lsass.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\System32\svchost.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\Explorer.EXE

C:\WINDOWS.1\system32\spoolsv.exe

C:\WINDOWS.1\Mixer.exe

C:\WINDOWS.1\system32\atiptaxx.exe

C:\Program

 

Files\MagicMus\MulMouse.exe

C:\Program

 

Files\Java\jre1.6.0_02\bin\jusched.ex

 

e

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc

 

.exe

C:\Program Files\Yahoo!\Search

 

Protection\SearchProtection.exe

C:\WINDOWS.1\system32\ctfmon.exe

C:\Program

 

Files\Google\GoogleToolbarNotifier\Go

 

ogleToolbarNotifier.exe

C:\Program Files\MagicMus\MagicWl.exe

C:\WINDOWS.1\system32\oodag.exe

C:\WINDOWS.1\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr

 

.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex

 

e

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e

 

xe

C:\Program

 

Files\Yahoo!\Messenger\YahooMessenger

 

.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Trend

 

Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Search Bar =

 

http://us.rd.yahoo.com/customize/ie/d

 

efaults/sb/msgr8/*http://www.yahoo.co

 

m/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Search Page =

 

http://go.microsoft.com/fwlink/?LinkI

 

d=54896

R0 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet

 

Explorer\Main,Default_Page_URL =

 

http://go.microsoft.com/fwlink/?LinkI

 

d=69157

R1 - HKLM\Software\Microsoft\Internet

 

Explorer\Main,Default_Search_URL =

 

http://go.microsoft.com/fwlink/?LinkI

 

d=54896

R1 - HKLM\Software\Microsoft\Internet

 

Explorer\Main,Search Page =

 

http://go.microsoft.com/fwlink/?LinkI

 

d=54896

R0 - HKLM\Software\Microsoft\Internet

 

Explorer\Main,Start Page =

 

http://go.microsoft.com/fwlink/?LinkI

 

d=69157

R0 - HKLM\Software\Microsoft\Internet

 

Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet

 

Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet

 

Explorer\SearchURL,(Default) =

 

http://us.rd.yahoo.com/customize/ie/d

 

efaults/su/msgr8/*http://www.yahoo.co

 

m

O2 - BHO: Yahoo! Toolbar Helper -

 

{02478D38-C3F9-4EFB-9B51-7695ECA05670

 

} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn5\

 

yt.dll

O2 - BHO: Adobe PDF Reader Link

 

Helper -

 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3

 

} - C:\Program Files\Common

 

Files\Adobe\Acrobat\ActiveX\AcroIEHel

 

per.dll

O2 - BHO: (no name) -

 

{0914953A-B6C0-42C3-983E-5213C64AFA9B

 

} - (no file)

O2 - BHO: Yahoo! IE Services Button -

 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897

 

} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class -

 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43

 

} - C:\Program

 

Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) -

 

{77701e16-9bfe-4b63-a5b4-7bd156758a37

 

} - (no file)

O2 - BHO: (no name) -

 

{7E853D72-626A-48EC-A868-BA8D5E23E045

 

} - (no file)

O2 - BHO: Google Toolbar Notifier BHO

 

-

 

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D

 

} - C:\Program

 

Files\Google\GoogleToolbarNotifier\2.

 

0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar -

 

{EF99BD32-C1FB-11D2-892F-0090271D4F88

 

} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn5\

 

yt.dll

O3 - Toolbar: (no name) -

 

{5D956A61-05E7-427B-A2B1-BF32FB18B1BE

 

} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck]

 

C:\WINDOWS.1\system32\NeroCheck.exe

O4 - HKLM\..\Run: [C-Media Mixer]

 

Mixer.exe /startup

O4 - HKLM\..\Run: [AtiPTA]

 

atiptaxx.exe

O4 - HKLM\..\Run: [schedulingAgent]

 

mstinit.exe /firstlogon

O4 - HKLM\..\Run: [AVG7_CC]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex

 

e /STARTUP

O4 - HKLM\..\Run: [VersatoMs]

 

C:\Program

 

Files\MagicMus\MulMouse.exe

O4 - HKLM\..\Run: [Adobe Photo

 

Downloader] "C:\Program

 

Files\Adobe\Photoshop Album Starter

 

Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run:

 

[sunJavaUpdateSched] "C:\Program

 

Files\Java\jre1.6.0_02\bin\jusched.ex

 

e"

O4 - HKLM\..\Run: [YSearchProtection]

 

"C:\Program Files\Yahoo!\Search

 

Protection\SearchProtection.exe"

O4 - HKLM\..\RunServices:

 

[OrigRage128Tweaker]

 

"C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE"

 

/detectorig

O4 - HKCU\..\Run: [ctfmon.exe]

 

C:\WINDOWS.1\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program

 

Files\Google\GoogleToolbarNotifier\Go

 

ogleToolbarNotifier.exe

O4 - HKCU\..\Run: [shareaza]

 

"C:\Program

 

Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [YSearchProtection]

 

C:\Program Files\Yahoo!\Search

 

Protection\SearchProtection.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

 

/RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

 

/RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

 

/RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

 

/RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader

 

Speed Launch.lnk = C:\Program

 

Files\Adobe\Reader

 

8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader

 

Synchronizer.lnk = C:\Program

 

Files\Adobe\Reader

 

8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: (no name) -

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

 

} - C:\Program

 

Files\Java\jre1.6.0_02\bin\npjpi160_0

 

2.dll

O9 - Extra 'Tools' menuitem: Sun Java

 

Console -

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

 

} - C:\Program

 

Files\Java\jre1.6.0_02\bin\npjpi160_0

 

2.dll

O9 - Extra button: Yahoo! Services -

 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897

 

} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research -

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263

 

} -

 

C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBA

 

R.DLL

O9 - Extra button: PartyPoker.com -

 

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

 

} - C:\Program

 

Files\PartyGaming\PartyPoker\RunApp.e

 

xe (file missing)

O9 - Extra 'Tools' menuitem:

 

PartyPoker.com -

 

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

 

} - C:\Program

 

Files\PartyGaming\PartyPoker\RunApp.e

 

xe (file missing)

O9 - Extra button: (no name) -

 

{e2e2dd38-d088-4134-82b7-f2ba38496583

 

} - C:\WINDOWS.1\Network

 

Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem:

 

@xpsp3res.dll,-20001 -

 

{e2e2dd38-d088-4134-82b7-f2ba38496583

 

} - C:\WINDOWS.1\Network

 

Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683

 

} - C:\Program

 

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows

 

Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683

 

} - C:\Program

 

Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Cribbage -

 

http://download.games.yahoo.com/games

 

/clients/y/it1_x.cab

O16 - DPF: Yahoo! Literati -

 

http://download.games.yahoo.com/games

 

/clients/y/tt4_x.cab

O16 - DPF:

 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab

 

} (Installation Support) - C:\Program

 

Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF:

 

{5ED80217-570B-4DA9-BF44-BE107C0EC166

 

} (Windows Live Safety Center Base

 

Module) -

 

http://cdn.scan.onecare.live.com/reso

 

urce/download/scanner/wlscbase8300.ca

 

b

O16 - DPF:

 

{6414512B-B978-451D-A0D8-FCFDF33E833C

 

} (WUWebControl Class) -

 

http://update.microsoft.com/microsoft

 

update/v6/V5Controls/en/x86/client/wu

 

web_site.cab?1188685781896

O16 - DPF:

 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3

 

} (MUWebControl Class) -

 

http://update.microsoft.com/microsoft

 

update/v6/V5Controls/en/x86/client/mu

 

web_site.cab?1188684542854

O16 - DPF:

 

{8A94C905-FF9D-43B6-8708-F0F22D22B1CB

 

} (Wwlaunch Control) -

 

http://www.worldwinner.com/games/shar

 

ed/wwlaunch.cab

O16 - DPF:

 

{9D8D7672-93FF-417E-9024-C16AD141C50C

 

} (Haunted Control) -

 

http://www.worldwinner.com/games/v49/

 

haunted/haunted.cab

O16 - DPF:

 

{AC2881FD-5760-46DB-83AE-20A5C6432A7E

 

} (SwapIt Control) -

 

http://www.worldwinner.com/games/v64/

 

swapit/swapit.cab

O16 - DPF:

 

{C93C1C34-CEA9-49B1-9046-040F59E0E0D8

 

} (Paint Control) -

 

http://www.worldwinner.com/games/v42/

 

paint/paint.cab

O16 - DPF:

 

{D27CDB6E-AE6D-11CF-96B8-444553540000

 

} (Shockwave Flash Object) -

 

http://fpdownload2.macromedia.com/get

 

/shockwave/cabs/flash/swflash.cab

O16 - DPF:

 

{FAE74270-E5EE-49C3-B816-EA8B4D55F38F

 

} (H2hPool Control) -

 

http://www.worldwinner.com/games/v51/

 

h2hpool/h2hpool.cab

O23 - Service: Ati HotKey Poller -

 

Unknown owner -

 

C:\WINDOWS.1\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager

 

Server (Avg7Alrt) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr

 

.exe

O23 - Service: AVG7 Update Service

 

(Avg7UpdSvc) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc

 

.exe

O23 - Service: AVG E-mail Scanner

 

(AVGEMS) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e

 

xe

O23 - Service: iPodService - Unknown

 

owner - C:\Program

 

Files\iPod\bin\iPodService.exe (file

 

missing)

O23 - Service: O&O Defrag - O&O

 

Software GmbH -

 

C:\WINDOWS.1\system32\oodag.exe

 

--

End of file - 8778 bytes


Hi whitie, and welcome to Lavasoft Support! :)

 

Please open Notepad (Start > All Programs > Accessories > Notepad). Under the Format tab, untick Word Wrap. Close Notepad, and create a new HijackThis log to post back here.

ok sorry there new at all this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:31 AM, on 04/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.1\System32\smss.exe

C:\WINDOWS.1\system32\winlogon.exe

C:\WINDOWS.1\system32\services.exe

C:\WINDOWS.1\system32\lsass.exe

C:\WINDOWS.1\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS.1\System32\svchost.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\Explorer.EXE

C:\WINDOWS.1\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\WINDOWS.1\system32\oodag.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS.1\system32\wscntfy.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\MagicMus\MulMouse.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS.1\Mixer.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\MagicMus\MagicWl.exe

C:\WINDOWS.1\system32\atiptaxx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS.1\system32\ctfmon.exe

C:\WINDOWS.1\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

c:\program files\softwin\bitdefender10\bdmcon.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file)

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188685781896

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188684542854

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab

O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9981 bytes


by the way thanks for bothering really appreciates it !!! :rolleyes: i'm trying to do the best i can on my own lol been using free scanners via filehippo thanks again hope ya can help me!!! :)


Hi whitie,

 

Can I ask that you stop doing your own cleaning, as this can cause confusion while trying to clean your computer.

 

Please do the following...

 

1. You have multiple anti-virus programs (AVG and BitDefender). This is not a good idea. Multiple anti-virus programs will conflict and this will cause many problems. Please uninstall one of those via Add/Remove programs in Control Panel.

 

2. Open HijackThis

- Click the Do a system scan only button

- Check the following entries (below)

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

 

O2 - BHO: (no name) - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - (no file)

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file)

 

- Close ALL open windows (especially Internet Explorer!)

- Click Fix Checked

- Close HijackThis

 

3. I need to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.

4. Please post a new HijackThis log, and the Uninstall list.


thanks very very much for helping i'm really trying here i did try to uninstall what scanners i could but i can't open add and remove so i can only do so much but thnks very much for helping

Ad-Aware SE Personal

Adobe Flash Player Plugin

Adobe Reader 8

Adobe® Photoshop® Album Starter Edition 3.0

ATI Display Driver

AVG Free Edition

CCleaner (remove only)

Compatibility Pack for the 2007 Office system

Daytona USA

Deluxe Menu

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

ewido anti-malware

Google Earth

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB896344)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB928388)

Hotfix for Windows XP (KB929120)

J2SE Runtime Environment 5.0 Update 10

Java DB 10.2.2.0

Java 6 Update 2

Java SE Development Kit 6 Update 2

Java SE Runtime Environment 6 Update 1

Macromedia Shockwave Player

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix

Microsoft .NET Framework 2.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Windows Journal Viewer

Motorola Software Update

Mozilla Firefox (2.0.0.6)

MP3+G Toolz

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

Nero 6 Enterprise Edition

O&O Defrag Professional Edition

Parker Brothers Classic Card Games

PC Inspector File Recovery

PCI Audio Driver

PS to USB convert cable

Rogers Yahoo! Applications

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

Sega Rally 2 Championship - www.cgarchive.com

Shareaza version 2.2.5.0

ShortKeys Lite

Spybot - Search & Destroy

Tweak UI

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920342)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925876)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

ViewMate Desktop Mouse CC2201 Uninstaller

Windows Communication Foundation

Windows Genuine Advantage v1.3.0254.0

Windows Imaging Component

Windows Internet Explorer 7

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player Hotfix [see Q828026 for more information]

Windows Support Tools

Wipe It Off - Free Edition

Yahoo! Browser Services

Yahoo! Search Protection

 

hope that's what ya need thnks i'll keep checking e-mail for updates again thanks a lot :lol:


Hi whitie

 

I merged your new topic with the last reply into this one. Otherwise, Trogan won't be able to find it.

 

Remember to keep your replies to this topic and he'll get notices by email when you reply (he won't if you start a new topic)


ok srry thnks for the help!!! :)


No problem :lol: Trogan will be able to find you now.

 

Oh, and when you want to reply use the Add Reply button (and not the "reply" button). That way you won't end up with those unneeded quotes from a prior post :) I know that using these forums can be confusing sometimes, so it's our job to help you and we don't mind helping you along when it does get confusing.

 

If you scroll down a wee bit when you want to reply you will see the button I'm talking about here:

post-65-1188944758.gif


Is Add/Remove programs working? Please let me know.


Please go Here and download rundll32.exe for Windows XP to your Desktop.

 

Extract the ZIP file to your Desktop. A folder should be created with rundll32.exe inside. Copy and paste this to the C:\WINDOWS.1\system32 folder.

 

Reboot the computer and let me know if you can open Add/Remove programs.


ok now i got access to the control panel thnks but i can't get into yahoo crib i think the java needs to be reinstalled now gonna try it see what happens

:D:) :) :)


Hi whitie! That is great news. :D

 

Still have some work to do...

 

1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

 

ewido anti-malware <-- there is an updated version out. We'll get that later.

Java™ SE Runtime Environment 6 Update 1

 

2. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

 

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

http://www.ewido.net/en/download/

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.

AVG Anti-Spyware manual updates.

Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

 

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Once in Safe Mode:

 

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log.


i'm having trouble turning off start with windows part thnks i'm gonna have to install hijack this again thought i was done hehe i had to uninstall all the java's and reinstall the new java so now i got access to my crib now :D


not worry i got it !!!!going to safe mode now soon as i download hijack this

Share this post


Link to post
Share on other sites

:) :) :) okie here it goes whew!!!! first time in safe mode!!!!!! lol only got this thing (computer) just under 2 years ago!!! think i'm doing pretty good tho! {;))

 

---------------------------------------------------------

 

+ Created at: 2:28:58 PM 05/09/2007

 

+ Scan result:

 

 

 

:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kxnnhlm9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.

 

 

::Report end

hijack this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:50:47 PM, on 05/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.1\System32\smss.exe

C:\WINDOWS.1\system32\winlogon.exe

C:\WINDOWS.1\system32\services.exe

C:\WINDOWS.1\system32\lsass.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\System32\svchost.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\Explorer.EXE

C:\WINDOWS.1\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS.1\system32\oodag.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\MagicMus\MulMouse.exe

C:\WINDOWS.1\Mixer.exe

C:\WINDOWS.1\system32\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS.1\system32\ctfmon.exe

C:\Program Files\MagicMus\MagicWl.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188685781896

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188684542854

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab

O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

 

--

End of file - 7465 bytes

again thanks for everything!!!! {:o)


and worldwinner crap

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:31:45 PM, on 05/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.1\System32\smss.exe

C:\WINDOWS.1\system32\winlogon.exe

C:\WINDOWS.1\system32\services.exe

C:\WINDOWS.1\system32\lsass.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\System32\svchost.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\Explorer.EXE

C:\WINDOWS.1\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS.1\system32\oodag.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\MagicMus\MulMouse.exe

C:\WINDOWS.1\Mixer.exe

C:\WINDOWS.1\system32\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS.1\system32\ctfmon.exe

C:\Program Files\MagicMus\MagicWl.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\system32\wscntfy.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188685781896

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188684542854

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

 

--

End of file - 6576 bytes


Hi whitie!

 

You've done a good job so far. But where is your Anti-Virus program? I did not ask you to uninstall both BitDefender and AVG, just one. AVG Anti-Spyware is NOT an Anti-Virus program - it is completely different.

 

Please install an Anti-Virus program straight away, either BitDefender or AVG. Also, do you have a Firewall? Let me know.

 

Post a new HijackThis log after installing an Anti-Virus program.


oh lol i thought the avg spyware was the same lol plus my firewall is up ok i'll install it back then lol thanks again


ok i installed bitdefender and scanned with all the scans lol quick full removable deep docs memory rootkits whew

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:26:23 PM, on 06/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.1\System32\smss.exe

C:\WINDOWS.1\system32\winlogon.exe

C:\WINDOWS.1\system32\services.exe

C:\WINDOWS.1\system32\lsass.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\System32\svchost.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\Explorer.EXE

C:\WINDOWS.1\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS.1\system32\oodag.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS.1\system32\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS.1\system32\ctfmon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\WINDOWS.1\system32\wuauclt.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS.1\system32\svchost.exe

C:\WINDOWS.1\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [bDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\RunServices: [OrigRage128Tweaker] "C:\PROGRA~1\RAGE12~1\RAGE12~1.EXE" /detectorig

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188685781896

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188684542854

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7459 bytes

i also put on daily scan with avg spy and set automatic updates ok?

whew hope that i did it ok


Hi whitie,

 

i also put on daily scan with avg spy and set automatic updates ok?

That's good! :)

 

whew hope that i did it ok

You've done a great job! :)

 

Your HijackThis log is clean. Any questions or problems? If not, can we archive this thread?

 

Here are some tips for a clean and secure computer.

 

For XP users.

It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C:) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

 

Make your Internet Explorer more secure

  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click on the Security tab
  3. Click the Internet icon so it becomes highlighted.
  4. Click on Default Level and click OK
  5. Click on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting when it applies.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  6. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Sun Java up to date

 

The most current version of Sun Java is: Java Runtime Environment Version 6.0

http://java.sun.com/javase/downloads/index.jsp

  • Scroll down to where it says Java Runtime Environment (JRE) 6.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system.

 

Free programs that may help you in keeping the PC clean

  • SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    You can download SpywareBlaster here
    A tutorial can be found here
  • SpywareGuard
    It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
    You can download SpywareGuard here
    A tutorial can be found here
  • IE-SPYAD
    IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
    You can download IE-SPYAD here
    A tutorial can be found here
  • Hosts File
    A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    A tutorial can be found here
    • MVPS Hosts File
      You can download the MVPS Hosts File here
      Furthermore the website contains useful tips and links to other resources and utilities.
    • Bluetack's Hosts File and Hosts Manager
      Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue applications etc...
      Download Bluetack's Hosts file here
      Download Bluetack's HostsManager here

Free Spyware Detection and Removal Programs

  • Ad-Aware
    It scans for known spyware on your computer. These scans should be run at least once every two weeks.
    You can download Ad-Aware here
    A tutorial can be found here
  • Spybot - Search & Destroy
    It scans for spyware and other malicious programs. Spybot has preventive tools that stop programs from even installing on your computer.
    You can download Spybot - S&D here
    A tutorial can be found here

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright Foistware.

You will find the list here

 

WinPatrol

 

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.

  • Detect & Neutralize Spyware.
  • Detect & Neutralize ADware.
  • Detect & Neutralize Viral infections.
  • Detect & Neutralize Unwanted IE Add-Ons.
  • Detect & Restore File Type Changes.
  • Automatically Filter Unwanted Cookies.
  • Avoid Start Page Hijacking.
  • Detect changes to HOSTS & critical system files.
  • Kill Multiple Tasks that replicate each other, in a single step!
  • Stop programs that repeatedly add themselves to your Startup List!

Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.

You can download WinPatrol here

WinPatrol FAQ

 

SiteHound by Firetrust

 

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

 

SiteHound will alert you when you enter a site which is known to contain:

  • Fraudulent claims or scams
  • Offensive material
  • Security vulnerabilities
  • Spyware or Adware
  • Spam related material
  • or other content deemed to be unsafe

Specifically, SiteHound blocks these categories:

 

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising

• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

 

System Requirements:

Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

 

Product Info & Download: SiteHound Toolbar

 

Use an AntiVirus Software

 

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.

Computer Safety On line - Anti-Virus

http://forum.malwareremoval.com/viewtopic.php?p=53#53

 

Update your Anti Virus Software

 

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

 

Use a Firewall

 

I cannot stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.

Computer Safety On line - Software Firewalls

http://forum.malwareremoval.com/viewtopic.php?p=56#56

A tutorial on Understanding and Using Firewalls can be found here

 

Happy Surfing! :)

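The two HijackThis logs in this thread differ by what the BitDefender install added, and comparing them entry by entry shows that directly. The following is an added example, not part of the original posts or of HijackThis: the function names and the "Unknown owner" review filter are assumptions of this sketch, and the sample logs are constructed excerpts of lines taken from the two logs above.

```python
import re
from collections import Counter

# A HijackThis entry line starts with a section code (a letter R, F, N or O
# plus a number), then " - ", then the entry text. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section_code, entry_text) pairs in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two logs, each sorted."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return sorted(after - before), sorted(before - after)


def count_by_code(entries):
    """Count entries per section code, e.g. {'O4': 2, 'O23': 2}."""
    return dict(Counter(code for code, _ in entries))


def unknown_owner_services(entries):
    """Return (service name, path) for O23 entries that HijackThis labels
    'Unknown owner'. Picking these out for a manual look is this example's
    own review filter, not a verdict on the file."""
    found = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Layout: "Service: <name> - <owner> - <path>"; split from the right
        # so a " - " inside the service name does not break the parse.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
            found.append((parts[0], parts[2]))
    return sorted(found)


# Constructed excerpt of the log saved on 03/09/2007 (lines from the thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS.1\system32\lsass.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe
"""

# Constructed excerpt of the log saved on 06/09/2007: the same lines plus
# four of the entries that first appear after BitDefender was installed.
AFTER_LOG = BEFORE_LOG + r"""
O4 - HKLM\..\Run: [bDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Entries per section after:", count_by_code(parse_entries(AFTER_LOG)))
    for code, body in added:
        print("ADDED  ", code, "-", body)
    for code, body in removed:
        print("REMOVED", code, "-", body)
    for name, path in unknown_owner_services(added):
        print("REVIEW  new service with unknown owner:", name, "->", path)
```
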

ok get a load of this now i can't open internet explorer lmao and i get a missing PASPL.DDL and a InetCpl.CPL when yahoo messenger opens

sigh the fun never ends!!!! :)

This topic is now closed to further replies.