Need help please



#1
JasPoSF

I hope this is the right place to do this. Can someone please take me through the steps to clean my computer?

There seem to be a few issues. The main one is "Internet Speed Monitor". Used Add/Remove program but still not fixed. Ran Ad-Aware and Spybot but doesn't work. Also with Spybot search I find two things that can't be removed. One is "K2L" and the other is "Command Service". I appreciate the help in advance.

Jason
  • 0



#2
anzenketh

Hi JasPoSF, welcome to Geeks to Go,

My name is tuxmaster, and I'll be helping you with your malware issues. I am currently looking over your log right now. Please note that I'm still in training, and my replies to you have to be approved before posting, so please excuse any delays between replies.

Edited by tuxmaster, 29 November 2007 - 11:10 AM.

  • 0

#3
anzenketh

Hello JasPoSF,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
JasPoSF

There was no extra.txt file, just a main.txt. Here it is.

Deckard's System Scanner v20071014.68
Run by Jason Porter on 2007-11-30 06:08:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Jason Porter.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:53 AM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jason Porter\Desktop\dss.exe
C:\DOCUME~1\JASONP~1\Desktop\JASONP~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.n...al/guest.portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Jason Porter\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, UTF-8, ISO-8859-1");
user_pref("ldap_2.p
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Jason Porter\\My Documents");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, UTF-8, ISO-8859-1");
user_pref("ldap_2.p
O1 - Hosts: 194.54.90.238 www.google.com
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.com.ag
O1 - Hosts: 194.54.90.238 www.google.com.ar
O1 - Hosts: 194.54.90.238 www.google.com.au
O1 - Hosts: 194.54.90.238 www.google.at
O1 - Hosts: 194.54.90.238 www.google.az
O1 - Hosts: 194.54.90.238 www.google.be
O1 - Hosts: 194.54.90.238 www.google.com.br
O1 - Hosts: 194.54.90.238 www.google.vg
O1 - Hosts: 194.54.90.238 www.google.bi
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.td
O1 - Hosts: 194.54.90.238 www.google.cl
O1 - Hosts: 194.54.90.238 www.google.com.co
O1 - Hosts: 194.54.90.238 www.google.co.cr
O1 - Hosts: 194.54.90.238 www.google.dk
O1 - Hosts: 194.54.90.238 www.google.com.do
O1 - Hosts: 194.54.90.238 www.google.fm
O1 - Hosts: 194.54.90.238 www.google.fi
O1 - Hosts: 194.54.90.238 www.google.fr
O1 - Hosts: 194.54.90.238 www.google.gm
O1 - Hosts: 194.54.90.238 www.google.ge
O1 - Hosts: 194.54.90.238 www.google.de
O1 - Hosts: 194.54.90.238 www.google.com.gi
O1 - Hosts: 194.54.90.238 www.google.com.gr
O1 - Hosts: 194.54.90.238 www.google.gl
O1 - Hosts: 194.54.90.238 www.google.gg
O1 - Hosts: 194.54.90.238 www.google.co.il
O1 - Hosts: 194.54.90.238 www.google.it
O1 - Hosts: 194.54.90.238 www.google.co.kr
O1 - Hosts: 194.54.90.238 www.google.lu
O1 - Hosts: 194.54.90.238 www.google.mw
O1 - Hosts: 194.54.90.238 www.google.ro
O1 - Hosts: 194.54.90.238 www.google.se
O1 - Hosts: 194.54.90.238 www.google.co.uk
O1 - Hosts: 194.54.90.238 www.google.uz
O1 - Hosts: 194.54.90.238 google.com
O1 - Hosts: 194.54.90.238 google.ca
O1 - Hosts: 194.54.90.238 google.com.ag
O1 - Hosts: 194.54.90.238 google.com.ar
O1 - Hosts: 194.54.90.238 google.com.au
O1 - Hosts: 194.54.90.238 google.at
O1 - Hosts: 194.54.90.238 google.az
O1 - Hosts: 194.54.90.238 google.be
O1 - Hosts: 194.54.90.238 google.com.br
O1 - Hosts: 194.54.90.238 google.vg
O1 - Hosts: 194.54.90.238 google.bi
O1 - Hosts: 194.54.90.238 google.ca
O1 - Hosts: 194.54.90.238 google.td
O1 - Hosts: 194.54.90.238 google.cl
O1 - Hosts: 194.54.90.238 google.com.co
O1 - Hosts: 194.54.90.238 google.co.cr
O1 - Hosts: 194.54.90.238 google.dk
O1 - Hosts: 194.54.90.238 google.com.do
O1 - Hosts: 194.54.90.238 google.fm
O1 - Hosts: 194.54.90.238 google.fi
O1 - Hosts: 194.54.90.238 google.fr
O1 - Hosts: 194.54.90.238 google.gm
O1 - Hosts: 194.54.90.238 google.ge
O1 - Hosts: 194.54.90.238 google.de
O1 - Hosts: 194.54.90.238 google.com.gi
O1 - Hosts: 194.54.90.238 google.com.gr
O1 - Hosts: 194.54.90.238 google.gl
O1 - Hosts: 194.54.90.238 google.gg
O1 - Hosts: 194.54.90.238 google.co.il
O1 - Hosts: 194.54.90.238 google.it
O1 - Hosts: 194.54.90.238 google.co.kr
O1 - Hosts: 194.54.90.238 google.lu
O1 - Hosts: 194.54.90.238 google.mw
O1 - Hosts: 194.54.90.238 google.ro
O1 - Hosts: 194.54.90.238 google.se
O1 - Hosts: 194.54.90.238 google.co.uk
O1 - Hosts: 194.54.90.238 google.uz
O1 - Hosts: 194.54.90.238 search.yahoo.com
O1 - Hosts: 194.54.90.238 de.search.yahoo.com
O1 - Hosts: 194.54.90.238 search.msn.com
O1 - Hosts: 194.54.90.238 search.msn.de
O1 - Hosts: 194.54.90.238 search.live.com
O1 - Hosts: ðj
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\MCROSO~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.syna...merSetup-sa.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 15510 bytes

-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-29 00:09:02 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
2007-11-29 00:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-28 19:57:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 19:57:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 19:57:30 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
2007-11-27 00:22:05 0 d-------- C:\Program Files\SpywareBlaster
2007-11-25 22:47:37 0 d-------- C:\Program Files\Enigma Software Group
2007-11-25 22:39:11 0 d-------- C:\WINDOWS\owim
2007-11-25 22:39:11 0 d-------- C:\Program Files\Common Files\owim
2007-11-25 16:24:28 0 d--hs---- C:\WINDOWS\SmFzb24gUG9ydGVy
2007-11-24 14:15:21 0 d-------- C:\Program Files\QdrModule
2007-11-24 14:15:21 0 d-------- C:\Program Files\QdrDrive
2007-11-03 19:51:39 0 d-------- C:\WINDOWS\nview
2007-11-03 18:21:51 0 d-------- C:\Program Files\SystemRequirementsLab


-- Find3M Report ---------------------------------------------------------------

2007-11-29 23:56:45 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
2007-11-29 23:56:45 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
2007-11-28 23:22:57 0 d-------- C:\Program Files\Verizon
2007-11-28 23:14:23 0 d-------- C:\Program Files\Digital Line Detect
2007-11-28 23:14:12 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
2007-11-28 23:12:17 0 d-------- C:\Program Files\Common Files\Motive
2007-11-28 19:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 11:58:01 110592 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-28 11:57:54 19249 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-28 00:25:07 2656 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-27 01:06:31 0 d-------- C:\Program Files\Common Files
2007-11-25 22:34:07 0 d-------- C:\Program Files\Movie Maker
2007-11-05 15:15:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-03 16:45:11 0 d-------- C:\Program Files\Verizon Games on Demand Player
2007-11-03 16:35:23 1712 --a------ C:\WINDOWS\GPlrLanc.dat
2007-10-22 11:52:17 0 d-------- C:\Program Files\Java
2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-08-30 16:34:46 53314 -----n--- C:\WINDOWS\ExentInfo.exe <Not Verified; Exent Technologies Ltd.; EXETender™ Client>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [05/16/2003 07:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 09:23 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/14/2004 11:01 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/20/2005 07:01 AM]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/2005 06:57 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [03/12/2005 06:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/26/2005 06:27 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"CTHelper"="CTHELPER.EXE" [02/02/2004 06:30 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 01:37 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [06/20/2003 02:13 AM C:\WINDOWS\MIDIDEF.EXE]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [06/12/2006 02:32 PM]
"Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [08/30/2007 04:47 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ares"="C:\Program Files\Ares\Ares.exe" []
"Sen"="C:\WINDOWS\MCROSO~1\dvdplay.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\Jason Porter\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/21/2006 7:43:41 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [8/10/2004 11:04:12 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/11/2004 6:12:18 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\OblivionLauncher.exe




-- End of Deckard's System Scanner: finished at 2007-11-30 06:09:16 ------------

I wanted to make you aware that another thing that is plaguing me is my Google search results are being misdirected to places like "MonsterMarketPlace" and other messed up sites. Thanks a lot!
  • 0

#5
anzenketh

JasPoSF,

Step 1: Disable TeaTimer
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Step 2: Clean up the hosts
Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Please post a new main.txt DSS scan in your next post.
  • 0
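One way to check a HijackThis log for the hosts-file redirection that the O1 entries in this thread show, as an added example that is not part of the original posts: it groups O1 entries by target address and flags any non-loopback address that search-engine hostnames are pinned to. The sample log lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each non-default hosts entry as "O1 - Hosts: <ip> <hostname>".
O1_LINE = re.compile(r"^O1 - Hosts:\s*(.*)$")

# Constructed sample in HijackThis format; not taken from the thread's log.
SAMPLE_LOG = """\
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 google.co.uk
O1 - Hosts: 203.0.113.7 de.search.yahoo.com
O1 - Hosts: 203.0.113.7 search.msn.com
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 192.0.2.15 intranet.example.test
O1 - Hosts: \u00f0j
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""


def is_search_host(host):
    """True for hostnames of search engines that should resolve through DNS,
    never through a static hosts entry (assumed list: Google, Yahoo, MSN, Live)."""
    labels = host.lower().split(".")
    if "google" in labels:
        return True
    return "search" in labels and any(b in labels for b in ("yahoo", "msn", "live"))


def parse_o1(log_text):
    """Return ([(ip, hostname), ...], [malformed entry text, ...]) from O1 lines."""
    entries, malformed = [], []
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue  # not a hosts entry (O2, O4, ...)
        fields = m.group(1).split()
        try:
            ip = ipaddress.ip_address(fields[0]) if len(fields) >= 2 else None
        except ValueError:
            ip = None
        if ip is None:
            # Garbage in the hosts file is itself a sign the file was tampered with.
            malformed.append(m.group(1))
            continue
        # A hosts line may carry several aliases after the address.
        entries.extend((ip, h.lower()) for h in fields[1:])
    return entries, malformed


def audit_hosts(log_text):
    """Group non-loopback hosts entries by address and flag search redirects."""
    entries, malformed = parse_o1(log_text)
    by_ip = defaultdict(list)
    for ip, host in entries:
        # 127.0.0.1 / 0.0.0.0 entries are the usual ad-blocking sinkholes.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(host)
    findings = []
    for ip, hosts in sorted(by_ip.items()):
        hijacked = sorted(h for h in hosts if is_search_host(h))
        findings.append({
            "ip": ip,
            "hosts": sorted(hosts),
            "search_hosts": hijacked,
            "verdict": "search-redirect" if hijacked else "review",
        })
    return findings, malformed


if __name__ == "__main__":
    findings, malformed = audit_hosts(SAMPLE_LOG)
    for f in findings:
        print(f"{f['ip']}: {f['verdict']} ({len(f['hosts'])} hostnames)")
    for entry in malformed:
        print(f"malformed hosts entry: {entry!r}")
```

Running the same check on the main.txt produced after the hosts file is restored should return no findings and no malformed entries.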





