Computer has experiance, None Stop Popups , Deleting software and it reinstalls. MSN Worm keeps msg everybody on the list lol and possible much much more. Need help never done this before.




****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 19:18:48.
OS: Windows NT 5.1
Database version: 3.030000
Database format version: 1.020000
Database date: 20050705
Current date: 2005-07-11 19:18


****************************************
Result when scanning:

BullsEye 433.111.901 %SystemDir%\msxct.exe
C:\WINDOWS\system32\\msxct.exe
http://www.kephyr.com/spywarescanner/libra...eye/index.phtml

EliteBar 233.523.000 {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}
http://www.kephyr.com/spywarescanner/libra...bar/index.phtml

EliteBar 233.523.002 {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
http://www.kephyr.com/spywarescanner/libra...bar/index.phtml

EliteBar 233.523.001 checkrun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\checkrun
http://www.kephyr.com/spywarescanner/libra...bar/index.phtml

Internet Optimizer 123.000.003 %ProgramsDir%\Internet Optimizer\
C:\Program Files\Internet Optimizer\
http://www.kephyr.com/spywarescanner/libra...zer/index.phtml

ISTBar 122.122.007 %ProgramsDir%\ISTBar\
C:\Program Files\ISTBar\
http://www.kephyr.com/spywarescanner/libra...bar/index.phtml

PowerScan 070.000.001 %ProgramsDir%\Power Scan\
C:\Program Files\Power Scan\
http://www.kephyr.com/spywarescanner/libra...can/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

VAIO Recovery C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VAIO Recovery

QuickFinder Scheduler "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickFinder Scheduler

NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck

ProSiteFinder C:\Program Files\ProSiteFinder\prositefinder.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ProSiteFinder

ezShieldProtector for Px C:\WINDOWS\system32\ezSP_Px.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ezShieldProtector for Px

checkrun C:\windows\system32\elitexom32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\checkrun

Microsoft Windows DLL Services Configuration poker3.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows DLL Services Configuration

MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr

Steam
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Steam


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{28CAEFF3-0F18-4036-B504-51D73BD81ABC} C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}


****************************************
Toolbars:

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{C4F5E343-9494-4744-8E35-440449E45FD5} C:\Program Files\IEToolbar\Favouritelink_ToolBar_free_popupstopper.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C4F5E343-9494-4744-8E35-440449E45FD5}

{825CF5BD-8862-4430-B771-0C15C5CA8DEF} C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

{FAA356E4-D317-42A6-AB41-A3021C6E7D52} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{FAA356E4-D317-42A6-AB41-A3021C6E7D52}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FAA356E4-D317-42A6-AB41-A3021C6E7D52}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
atiptaxx.exe
prositefinder.exe
ezSP_Px.exe
USBsircs.exe
ReserveModule.exe
gps.exe
prositefinderh.exe
prositefinder.exe
AVGUARD.EXE
AVWUPSRV.EXE
shwserv.exe
wdfmgr.exe
RM_SV.exe
alg.exe
explorer.exe
iexplore.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/en-us/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/en-us/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider MSN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page %SystemRoot%\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://ie.search.msn.com/en-us/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************

Hello and welcome to GeeksToGo! My name is Kat, and I will be helping you. You do have some problems showing, but I would like to see a couple of other things before we tackle the fixes!

Please download ewido security suite it is a trial version of the program.

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

After you have done this, please go here and follow the directions in "Step 5:Posting a HijackThis log".

make a reply to this thread using the "Add Reply" button, and give me a copy of the Ewido log, as well as a HijackThis log, and we'll get you cleaned up!

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.