Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CLICKSEARCHCLICK NEED MAJOR HELP- [Resolved]

Started by Monkeyboi786 , May 29 2005 07:12 PM

  • This topic is locked This topic is locked

#1
Monkeyboi786
Posted 29 May 2005 - 07:12 PM

Monkeyboi786

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:03:45 PM, on 5/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
C:\Program Files\ORB Networks\ORB\ORBTV\ORBPVR\OrbPVR.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbStreamer\rtspServer.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbFinance\OrbFinance.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbWeather\OrbWeather.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbMaps\OrbMaps.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbTVXml\OrbTVXML.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbTVXml\OrbIR.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\win32.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ORB Networks\ORB\ORBTrayIcon\OrbTrayIcon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
C:\Program Files\Custom Mac\YzShadow\YzShadow.exe
C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ORB Networks\ORB\bin\Orb.exe
C:\Program Files\ORB Networks\ORB\ORBMedia\OrbMedia\ORBMedia.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbClient\OrbClient.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbStreamer\OrbStreamer.exe
C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SVCHOST.EXE
C:\Documents and Settings\Murtaza Zakir\Desktop\New Folder\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051005 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SECURITY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\win32.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Shortcut to YzShadow.lnk = C:\Program Files\Custom Mac\YzShadow\YzShadow.exe
O4 - Global Startup: ORB.lnk = C:\Program Files\ORB Networks\ORB\ORBTrayIcon\OrbTrayIcon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110126039218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.../ra/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/ractrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O21 - SSODL: System - {619B9558-3C4A-4567-AC60-B563F3D5F08D} - vr_sys.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CabDirectory - Orb Networks - C:\Program Files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
O23 - Service: ORBPVR - Unknown owner - C:\Program Files\ORB Networks\ORB\ORBTV\ORBPVR\OrbPVR.exe
  • 0

Advertisements

#2
Hemal
Posted 29 May 2005 - 07:23 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Close all programs leaving only HijackThis running. Place a check against each of the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051005 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SECURITY.EXE
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\win32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: System - {619B9558-3C4A-4567-AC60-B563F3D5F08D} - vr_sys.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\system32\win32.exe
C:\WINDOWS\system32\Services\{0D6DCB02-F303-4246-9CB1-5B3A7F488D9A}\SVCHOST.EXE


Post back a fresh HijackThis log and we will take another look. How's your computer running?
  • 0

#3
Monkeyboi786
Posted 29 May 2005 - 08:17 PM

Monkeyboi786

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the fast response, and sorry for my slow one.

When the ad-ware was running, my computer was going at 100% CPU usage.

here's my updated log.

Logfile of HijackThis v1.99.1
Scan saved at 10:15:23 PM, on 5/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ORB Networks\ORB\ORBTrayIcon\OrbTrayIcon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Custom Mac\YzShadow\YzShadow.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbStreamer\rtspServer.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbFinance\OrbFinance.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbWeather\OrbWeather.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbMaps\OrbMaps.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbTVXml\OrbTVXML.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbTVXml\OrbIR.exe
C:\Program Files\ORB Networks\ORB\ORBTV\ORBPVR\OrbPVR.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ORB Networks\ORB\bin\Orb.exe
C:\Program Files\ORB Networks\ORB\ORBMedia\OrbMedia\ORBMedia.exe
C:\Program Files\ORB Networks\ORB\ORBServices\OrbClient\OrbClient.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\ORB Networks\ORB\ORBTV\OrbStreamer\OrbStreamer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{F64EB83A-61E9-49BE-BED4-261425F6C4DB}\SECURITY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Shortcut to YzShadow.lnk = C:\Program Files\Custom Mac\YzShadow\YzShadow.exe
O4 - Global Startup: ORB.lnk = C:\Program Files\ORB Networks\ORB\ORBTrayIcon\OrbTrayIcon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110126039218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.../ra/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/ractrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F560B3F-A05A-4D90-AAA4-4B97E4B3A8E7}: NameServer = 68.39.224.7,68.87.64.196
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CabDirectory - Orb Networks - C:\Program Files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
O23 - Service: ORBPVR - Unknown owner - C:\Program Files\ORB Networks\ORB\ORBTV\ORBPVR\OrbPVR.exe
  • 0

#4
Hemal
Posted 29 May 2005 - 09:17 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Close all programs leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{F64EB83A-61E9-49BE-BED4-261425F6C4DB}\SECURITY.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

How are the pop-ups and other problems?
  • 0

#5
Monkeyboi786
Posted 29 May 2005 - 09:30 PM

Monkeyboi786

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you I've done what you said.

Even before that though, my computer is running as it once was. Really appreciate it.

It's running at a proper speed with out the CPU at high levels.
Also, as far as i see, there are no popups (I am using Firefox)


On that note, btw, it seems the clicksearchclick affected my firefox also

Edited by Monkeyboi786, 29 May 2005 - 09:31 PM.

  • 0

#6
Hemal
Posted 29 May 2005 - 10:15 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Im glad that your problem is resolved- as of that i close this topic, if you need it reopened, contact me or anyother staff or admin :tazz:

Everyone else, please make your own posts
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP