Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Tried to get rid of TOPicks...to no avail [CLOSED]


  • This topic is locked This topic is locked

#1
audrey82305

audrey82305

    Member

  • Member
  • PipPip
  • 10 posts
If any one could look at this log file for me and help me remove TOPicks i would be eternally grateful :) Adaware shows Altnet and Anti spy shows cydoor.TOPicks.a but I am unable to remove them I am unaware if the MSConfig has been altered and havent messed with it but have been having this problem for some time I imagine there may be another posting on here explaining the process of removal and at the risk of asking someone to repeat themselves I would gladly take directions to the proper topic Any help is appreciated :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 11:31:40 AM, on 9/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Documents and Settings\Penelope\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://gsn.skilljam....llJamLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ToPicks starter"=-

[-HKEY_LOCAL_MACHINE\Software\Topicks]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Check and fix these in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}


Go to Start->Run and copy and paste the following into the Run box and hit OK (go to Start->Run again for each one):

regsvr32 /u "C:\Program Files\ToPicks\Bin\HtCheck2.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\IdmUp.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\TPReg.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\TpBar.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\DataMgr.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\idmcom.dll"
regsvr32 /u "C:\Program Files\ToPicks\Bin\htps.dll"


Restart and delete this folder -> C:\Program Files\ToPicks\

Restart again and post a new HijackThis log.
  • 0

#3
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I followed the advice of greyknight17 but ran into a problem when I was supposed to copy and paste the lines into the run box I got this msg

RegSvr32

LoadLibrary ("C:\Program Files\ToPicks\bin\Htcheck2.dll") failed- The specified module could not be found

it said the same thing with all the lines I was supposed to copy and paste
Please someone help :tazz:
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Skip that. Could you find and delete this folder:

C:\Program Files\ToPicks\
  • 0

#5
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No I couldn't There are many folders and I started in Program Files and subsequently searched all the others but no luck...On Ad Aware it shows up as ALTnetBDE could it be hiding under another program file name? :tazz:
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Still there? I thought Altnet was removed earlier already? OK, run a new Ad-aware scan and give me the Ad-aware log. I'll take a look at that long log :tazz:
  • 0

#7
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the Ad Aware log file Thank you very much for looking at it :tazz:

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, September 20, 2005 7:05:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R67 20.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE(TAC index:4):1 total references
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R67 20.09.2005
Internal build : 79
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 524443 Bytes
Total size : 1576182 Bytes
Signature data size : 1543004 Bytes
Reference data size : 32666 Bytes
Signatures total : 43850
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 746


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:49 %
Total physical memory:458224 kb
Available physical memory:221816 kb
Total page file size:1083204 kb
Available on page file:936092 kb
Total virtual memory:2097024 kb
Available virtual memory:2048144 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-20-2005 7:05:43 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Penelope\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1117834582-1233802789-217827623-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1117834582-1233802789-217827623-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 540
ThreadCreationTime : 9-21-2005 12:04:12 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 620
ThreadCreationTime : 9-21-2005 12:04:15 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 644
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 688
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 700
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 860
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 960
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 996
ThreadCreationTime : 9-21-2005 12:04:16 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 2
ProductVersion : 4, 1, 0, 2
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1244
ThreadCreationTime : 9-21-2005 12:04:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1308
ThreadCreationTime : 9-21-2005 12:04:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 9-21-2005 12:04:17 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1520
ThreadCreationTime : 9-21-2005 12:04:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1652
ThreadCreationTime : 9-21-2005 12:04:18 AM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:14 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE"
ProcessID : 1660
ThreadCreationTime : 9-21-2005 12:04:18 AM
BasePriority : Normal
FileVersion : 8.1.2.1003
ProductVersion : 8.1.2.1003
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:15 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe"
ProcessID : 1716
ThreadCreationTime : 9-21-2005 12:04:18 AM
BasePriority : Normal
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : Comcast PhotoShow Media Manager
CompanyName : Simple Star, Inc.
FileDescription : Comcast PhotoShow Media Manager
LegalCopyright : Copyright © 2003-2004 Simple Star, Inc.
OriginalFilename : mssysmgr.exe

#:16 [ypager.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ypager.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
ProcessID : 1724
ThreadCreationTime : 9-21-2005 12:04:18 AM
BasePriority : Normal


#:17 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1800
ThreadCreationTime : 9-21-2005 12:04:19 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 144
ThreadCreationTime : 9-21-2005 12:04:26 AM
BasePriority : Normal
FileVersion : 6.14.10.5664
ProductVersion : 6.14.10.5664
ProductName : NVIDIA Driver Helper Service, Version 56.64
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.64
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 232
ThreadCreationTime : 9-21-2005 12:04:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 284
ThreadCreationTime : 9-21-2005 12:04:26 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1024
ThreadCreationTime : 9-21-2005 12:04:35 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:22 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[3c0]SUSDSd5d0a13082ab9c4abe09110813f1a187
ProcessID : 572
ThreadCreationTime : 9-21-2005 12:05:15 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : penelope@ehg-comcast.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:penelope@ehg-comcast.hitbox.com/
Expires : 9-20-2006 7:05:44 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : penelope@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:penelope@statse.webtrendslive.com/
Expires : 9-18-2015 3:38:20 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : penelope@ehg-nestleusainc.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:penelope@ehg-nestleusainc.hitbox.com/
Expires : 9-20-2006 3:44:50 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : penelope@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:penelope@questionmarket.com/
Expires : 11-11-2006 7:48:44 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : penelope@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:penelope@hitbox.com/
Expires : 9-20-2006 7:05:44 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

7:15:44 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:00.610
Objects scanned:213900
Objects identified:6
Objects ignored:0
New critical objects:6
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\software\ and delete altnet

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Restart. Any problems now?
  • 0

#9
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It said error in deleting key could not delete I made sure the first option was checked but still no luck...this is more of a pest than a serious operating problem i know but my system does run slower since its been showing up on my scans If you have any more suggestions I will appreciate it but if you are at a loss <as I am> don't worry about it I know you are busy and I appreciate all your help anyway
thank you :tazz:
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'll help you till the end...until we are clear of this little critter :tazz:

Download Registrar Lite http://www.resplende...oad/reglite.exe and install it.

Copy and paste the follow text into the address bar and hit Go:

HKEY_LOCAL_MACHINE\software\

In the pane on the right are the values associated with that key. We want to delete this entry:

altnet

Again if it's not allowing you to delete it, right click and go to the Security/Permission settings to change the permissions.

Do you have more than one account on this computer? If you do, you might also want to try logging in as the other user to see if that will delete the entry.
  • 0

#11
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok this thing is stubborn....i followed instructions to the T but it says access denied :tazz: grrr....this is a pain Thank You again for helping me im sure we'll get it off of here its just going to take some stealth manuvering :)
:)
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Have you tried using another user's account (if you have more than one) to see if that works? If that still won't work, then try this:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\software\altnet]


Save the file as "delete.reg" in your c: drive. Make sure to save it with the quotes. Restart your computer now and insert your Windows XP CD. Boot from it and when it says hit R to enter Recovery Console (in the black screen), hit R. Then type in your administrator password. Now type in the following (hit ENTER key after each line):

cd c:
reg.exe delete.reg


Restart by hitting ctrl+alt+del and take out your XP CD. See if that deletes the entry.
  • 0

#13
audrey82305

audrey82305

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Whoa....ok let me reread that... my computer came in a bundle with XP already installed I only have one user on this computer so i havent been able to try it any other way...Is that the same as starting in safe mode <by tapping f8 during startup> and do you think that would work?
Ill wait for your reply before I try that.
  • 0

#14
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It should have come with the XP CD though. That's not good. So what happens if Windows bombs out on you? How do you reinstall?

OK, see if you can get the bootdisks to work. Get the XP ones. I never tried this so try booting off from those and see if you can get to the prompt.

No, it's not the same. You need to be in the prompt. If you want, hit F8 and see if you can get to the command prompt to do this then.
  • 0

#15
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP