Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please view my logfile [RESOLVED]


  • This topic is locked This topic is locked

#16
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ssouthall6

Posr the panda.log and hijackthis.log

You can uninstall the STARTNOW BROWSER with windows add remove programs.

Lc :tazz:
  • 0

Advertisements


#17
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi ssouthall6

Posr the panda.log and hijackthis.log

You can uninstall the STARTNOW BROWSER with windows add remove programs.

Lc  :tazz:

View Post


Hi TM,

Tried uninstalling via the control panel but it won't alow me to do this.

BTW I downloaded panda titanium last night, ran the updates then scanned in safemode. It tells me it has now removed the registry item referring to savenow although it cannot remove hyperbar.
  • 0

#18
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ssouthall6

Post your hjt.log first let me see what has been download ??

Registry keys related to StartNow. The keys
will generally be under these branches:

HKEY_CURRENT_USER\Software\Microsoft\Installer\Features
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products
HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

There will be two keys in that last brach -- after these are
deleted you should no longer see StartNow in your Remove Programs list.

Kc :tazz:
  • 0

#19
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi ssouthall6

Post your hjt.log first let me see what has been download ??

Registry keys related to StartNow. The keys
will generally be under these branches:

HKEY_CURRENT_USER\Software\Microsoft\Installer\Features
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products
HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

There will be two keys in that last brach -- after these are
deleted you should no longer see StartNow in your Remove Programs list.

Kc  :tazz:

View Post


Couldn't find anything relevent in the last branch- in fact there was loads of different folders but four other files- AOL Connectivity, Display name, Uninstall string and Default.

The startnow and startnow toolbars are still in the program menu.

Here is mylatest hjt logfile:

Logfile of HijackThis v1.99.1
Scan saved at 21:03:46, on 22/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#20
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ssouthall6

This little tool will allow to remove the toolbars from your system.

I use it save's my a lot of time removing unwelcome pests.

toolbarcop
http://windowsxp.mvp.../toolbarcop.htm
Very safe to use.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab

Click on Fix Checked when finished and exit HijackThis.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#21
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Kc,

Here is the log from toolbar cop:

ToolbarCop - Browser Add-on Report
--------------------------------------------------------------

Browser Extension: n/a - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll - Enabled - All Users

Toolbar: &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\System32\browseui.dll - Enabled - Current User

Toolbar: &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll - Enabled - Current User

Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - Enabled - Current User

Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - Enabled - All Users

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - Enabled - All Users

BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - Enabled - All Users

BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - Enabled - All Users

Run - Startup: CTFMON.EXE - - C:\WINDOWS\system32\ctfmon.exe - Enabled - Current User

Run - Startup: NvCplDaemon - - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize - Enabled - All Users

Run - Startup: nwiz - - nwiz.exe /install - Enabled - All Users

Run - Startup: NVIDIA nForce APU1 Utilities - - NVATray.exe - Enabled - All Users

Run - Startup: HPDJ Taskbar Utility - - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe - Enabled - All Users

Run - Startup: WinampAgent - - "C:\Program Files\Winamp3\winampa.exe" - Enabled - All Users

Run - Startup: ServiceLayer - - C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe - Enabled - All Users

Run - Startup: Nokia Tray Application - - C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe - Enabled - All Users

Run - Startup: MediaKey - - C:\PROGRA~1\MediaKey\MediaKey.EXE - Enabled - All Users

Run - Startup: CARPService - - carpserv.exe - Enabled - All Users

Run - Startup: QuickTime Task - - "C:\Program Files\QuickTime\qttask.exe" -atboottime - Enabled - All Users

Run - Startup: msnappau - - "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe" - Enabled - All Users

Run - Startup: SunJavaUpdateSched - - C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe - Enabled - All Users

Run - Startup: BluetoothAuthenticationAgent - - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - Enabled - All Users

Run - Startup: avast! - - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - Enabled - All Users

Run - Startup: eTrustPPAP - - "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" - Enabled - All Users

Run - Startup: PinnacleDriverCheck - - C:\WINDOWS\system32\PSDrvCheck.exe - Enabled - All Users

Run - Startup: iTunesHelper - - "C:\Program Files\iTunes\iTunesHelper.exe" - Enabled - All Users

Run - Startup: gcasServ - - "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" - Enabled - All Users

Run - Startup: SmcService - - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui - Enabled - All Users



List of running Processes
--------------------------------------------------------------
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHAUNS~1\LOCALS~1\Temp\Rar$EX00.922\Toolbarcop.exe
C:\WINDOWS\system32\rundll32.exe


Operating System details
----------------------------------------------------------
Operating System: Windows XP 5.1
Build: 2600
Service Pack level: Service Pack 2
  • 0

#22
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
here's the details for HJT

Logfile of HijackThis v1.99.1
Scan saved at 14:58:11, on 23/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHAUNS~1\LOCALS~1\Temp\Rar$EX00.922\Toolbarcop.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#23
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ssouthall6

The toolbar list is clean.

Your HJT.log is clean.

Are you having any problems now, how is the system running now.

Kc :tazz:
  • 0

#24
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi ssouthall6

The toolbar list is clean.

Your HJT.log is clean.

Are you having any problems now, how is the system running now.

Kc  :tazz:

View Post


System is running quicker but still showing the startnow toolbar in the control panel

Also panda showed 3 infected files still- will post the log in a couple of hours when i get home.
  • 0

#25
ssouthall6

ssouthall6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
panda showing the same infections.
  • 0

Advertisements


#26
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ssouthall6

Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
C:\WINDOWS\system32\HyperbarSS3.dll
C:\WINDOWS\system32\Hyperbar.dll

Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#27
Guest_thatman_*

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP