Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

help with 180 seach assistant [CLOSED]

Started by matrixscatman , Oct 03 2005 12:35 PM

This topic is locked

#1
matrixscatman

Posted 03 October 2005 - 12:35 PM

New Member

Member
8 posts

Thank you for all your help. please tell me what to do.
Logfile of HijackThis v1.99.1
Scan saved at 2:32:35 PM, on 10/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\tsecure.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\sdbunutj.exe
C:\WINDOWS\System32\4fp4q3qk.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\program files\180searchassistant\salm.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ITOOLS\IntelliKeys USB\ikusb.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\system32\cmd.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lqplz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tech\Desktop\HijackThis-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000000-0000-45C2-B4CF-A29CE13F7D32} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windows IP Security Service] lqplz.exe
O4 - HKLM\..\Run: [Windowns Alert Service] explore.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ySW5] C:\WINDOWS\sdbunutj.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [9ctc6ijk] C:\WINDOWS\System32\9ctc6ijk.exe
O4 - HKLM\..\Run: [dgjez] C:\WINDOWS\dgjez.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] lqplz.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows IP Security Service] lqplz.exe
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] lqplz.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - Global Startup: ikusbstart2.lnk = C:\ITOOLS\IntelliKeys USB\ikusbstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#2
Trevuren

Posted 03 October 2005 - 09:26 PM

Old Dog

Retired Staff
18,699 posts

Hi matrixscatman and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

Click on My Controls at the top right hand corner of the window.
In the left hand column, click "View Topics"
If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

Run HijackThis
Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Regards,

Trevuren

#3
matrixscatman

Posted 06 October 2005 - 10:44 AM

New Member

Topic Starter
Member
8 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:43:48 PM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\lqplz.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\sdbunutj.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\9ctc6ijk.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\ITOOLS\IntelliKeys USB\ikusb.exe
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000000-0000-4B49-A206-4156BA4D8BBC} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windows IP Security Service] lqplz.exe
O4 - HKLM\..\Run: [Windowns Alert Service] explore.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ySW5] C:\WINDOWS\sdbunutj.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [9ctc6ijk] C:\WINDOWS\System32\9ctc6ijk.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] lqplz.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows IP Security Service] lqplz.exe
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] lqplz.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - Global Startup: ikusbstart2.lnk = C:\ITOOLS\IntelliKeys USB\ikusbstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#4
Trevuren

Posted 06 October 2005 - 11:17 AM

Old Dog

Retired Staff
18,699 posts

1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

Download Ad-Aware SE Personal 1.06:
- Download Ad-Aware SE Personal 1.06.
- Save aawsepersonal.exe to a convenient location.
Install Ad-Aware SE Personal 1.06:
- Double-click on aawsepersonal.exe to install the program.
- Follow the default settings for installation.
- After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
Update Ad-Aware SE Personal 1.06:
- Double-click the Ad-Aware SE Personal icon on your desktop.
- Click "Check for updates now" then click "Connect".
- It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
Configure Ad-Aware SE Personal 1.06:
- Click on the Gear button at the top of the window.
- Click "General" on the left hand side to display the General Settings box.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    - "Automatically save logfile"
    - "Automatically quarantine objects prior to removal"
    - "Safe Mode (always request confirmation)"
    - "Prompt to update outdated definitions" - change to 7 days from the default 14.
- Click "Scanning" on the left hand side to display the Scan Settings box.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
  - "Scan within archives"
  - "Select drives & folders to scan" - select your hard drive(s).
  - "Scan active processes"
  - "Scan registry"
  - "Deep-scan registry"
  - "Scan my IE favorites for banned URLs"
  - "Scan my Hosts file"
- Click "Advanced" on the left hand side to display the Advanced Settings box.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
  - "Move deleted files to Recycle Bin"
  - "Include additional object information"
  - "Include negligible objects information"
  - "Include environment information"
- Click "Defaults" on the left hand side to display the Default Settings box.
  - Make sure these items have your preferred settings in them.:
  - "Default homepage"
  - "Default searchpage"
- Click "Tweak" on the left hand side to display the Tweak Settings box.
  - Click the + (plus) sign next to the Log Files section. This will expand the section.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    - "Include basic Ad-Aware settings in log file"
    - "Include additional Ad-Aware settings in log file"
    - "Include reference summary in log file"
    - "Include alternate data stream details in log file"
  - Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    - "Unload recognized processes & modules during scan"
    - "Scan registry for all users instead of current user only"
    - "Obtain command line of scanned processes"
  - Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
  - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    - "Always try to unload modules before deletion"
    - "During removal, unload Explorer and IE if necessary"
    - "Let Windows remove files in use at next reboot"
    - "Delete quarantined objects after restoring"
- Once you are done with these settings, click "Proceed" to save them.
- This will take you back to the main screen.
Run Ad-Aware SE Personal 1.06:
- Click the "Start" button.
- Uncheck the "Search for negligible risk entries" entry.
- Choose the "Use custom scanning options" scan mode.
- Click the "Next" button.
- Ad-Aware will begin to scan for malware residing on your computer.
- Allow the scan to finish.
- Right-click on any entry in the list and click "Select All" to select the whole list.
- Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

2. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will prompt you to update click the OK button
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Click on Start
- The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
- REBOOT into Safe Mode
- Run EWIDO
- Click on scanner
- Click on Start Scan
- Let the program scan the machine
- While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report
- Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

Regards,

Trevuren

#5
matrixscatman

Posted 07 October 2005 - 01:47 PM

New Member

Topic Starter
Member
8 posts

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:24:36 PM, 10/6/2005
+ Report-Checksum: A93493D4

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib\\ -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\TypeLib\\ -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID\\ -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1\CLSID\\ -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib\\ -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib\\ -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib\\ -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID\\ -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1\CLSID\\ -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHAgent -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyvariable_search -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyvariable_search2 -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyvariable_search3 -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyvariable_search4 -> Spyware.ISTBar : Error during cleaning
HKU\.DEFAULT\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2237029002-2942328611-1021817841-1005\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2237029002-2942328611-1021817841-1005\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2237029002-2942328611-1021817841-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2237029002-2942328611-1021817841-1005\Software\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-18\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\salm -> Spyware.180Solutions : Cleaned with backup
C:\clogs.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\dun[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\istdownload[1].exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\istrecover[1].exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BBOHV1CF\version[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O5J7ESFT\clogs[1].rar -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O5J7ESFT\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O5J7ESFT\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O5J7ESFT\uninstaller.prod.21sep2005.exe[1] -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TR2OZKTL\bb[1].exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TR2OZKTL\dealhelper[1].exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TR2OZKTL\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z2GN2HIR\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z2GN2HIR\sahagent[1].exe -> Adware.SAHA : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\tekfbrtp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tech\Desktop\backups\backup-20050929-165356-235.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Tech\Desktop\backups\backup-20050929-170000-591.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temp\res3.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temp\temp.fr6504\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temp\temp.fr6504\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temp\temp.fr6867 -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temp\temp.frB828 -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\FOG6Q7CZ\MediaAccK[1].exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Tech\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\gc.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Program Files\180searchassistant -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmau.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_gdf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_kyf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\optimize.exe -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\MediaAccC.dll -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\MediaAccK.exe -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\ProSiteFinder\ProSiteFinder.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ProSiteFinder\prositefinder.exe -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ProSiteFinder\ProSiteFinder1\prositefinder1.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ProSiteFinder\ProSiteFinder1\prositefinder1.exe -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ProSiteFinder\znaqwa4l.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc10\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc12\sais.exe -> Spyware.180Solutions : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc12\saishook.dll -> Spyware.180Solutions : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc12\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc12\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc8\sfbho.dll -> Spyware.SideFind : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc8\sidefind.dll -> Spyware.SideFind : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc8\update\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc9\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
C:\RECYCLER\S-1-5-21-2237029002-2942328611-1021817841-1005\Dc9\uninstall.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\temp\bundle_cdt1006.exe -> Adware.Saha : Cleaned with backup
C:\temp\ZCWEDowST3.exe -> TrojanDropper.Agent.rs : Cleaned with backup
C:\WINDOWS\6cqr5kkp.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\itnce.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\WINDOWS\system32\8ggr22mg.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\9ctc6ijk.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\bot.exe -> Backdoor.Rbot.fo : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\56OXBNT0\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\67DT8TTM\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DD4TJN8\gc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DD4TJN8\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G0DW68B0\sahagent[1].exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\hwclock.exe_tobedeleted -> Backdoor.Small.eo : Cleaned with backup
C:\WINDOWS\system32\install.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\ipsec.exe/bot.exe -> Backdoor.Rbot.fo : Cleaned with backup
C:\WINDOWS\system32\Jakapi.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\lqplz.exe -> Backdoor.Rbot.fo : Cleaned with backup
C:\WINDOWS\system32\oo2j3t25.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\r7s0pido.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\WINDOWS\system32\veirq.exe -> Backdoor.Rbot.fo : Cleaned with backup
C:\WINDOWS\temp\3HM83D9S.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\temp\bundle_cdt1006.exe -> Adware.Saha : Cleaned with backup

C:\WINDOWS\temp\Del2E.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\temp\Del6C.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\temp\res1.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\temp\res2.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\temp\res6D.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\temp\sahagent.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\temp\update.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\tsecure.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\wlmp.exe -> Spyware.180Solutions : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 3:46:50 PM, on 10/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\ITOOLS\IntelliKeys USB\ikusb.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\kuqqu.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dfivh.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\package_MARKETING27.exe
C:\WINDOWS\inst_MARKETING27.exe
C:\Program Files\180searchassistant\sais.exe
C:\WINDOWS\System32\jvkr1et0.exe
C:\WINDOWS\System32\9261aenh.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000000-0000-4CC7-9103-E0A0213EAA4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windowns Alert Service] explore.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\Run: [Vibbn3jf] C:\WINDOWS\dfivh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] "C:\Program Files\Power Scan\powerscan.exe" /aid:156324
O4 - HKLM\..\Run: [pmz] C:\WINDOWS\pmz.exe
O4 - HKLM\..\Run: [jvkr1et0] C:\WINDOWS\System32\jvkr1et0.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - Global Startup: ikusbstart2.lnk = C:\ITOOLS\IntelliKeys USB\ikusbstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#6
Trevuren

Posted 07 October 2005 - 02:34 PM

Old Dog

Retired Staff
18,699 posts

We want to stop, disable and delete an added service (023)

A. To stop a service and set to 'disabled'

Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find the service.
===>tsecure
Click once on the service to highlight it.
Click Stop
Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

B. We will now delete the service:

1. Open HJT

2. Click on Config>>Misc Tools>>Delete an NT Service

3. Copy/Paste tsecure in the space provided and click OK

4. The program will ask you to REBOOT --- Accept

5. REBOOT into SAFE MODE

6. Using Windows Explorer, locate and DELETE the following file (if it still is present):

C:\WINDOWS\tsecure.exe

7. REBOOT back into Normal Mode

8. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

#7
matrixscatman

Posted 10 October 2005 - 01:19 PM

New Member

Topic Starter
Member
8 posts

Logfile of HijackThis v1.99.1
Scan saved at 3:16:17 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\kuqqu.exe
C:\WINDOWS\dfivh.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\pmz.exe
C:\WINDOWS\System32\jvkr1et0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\ITOOLS\IntelliKeys USB\ikusb.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000000-0000-4CC7-9103-E0A0213EAA4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windowns Alert Service] explore.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\Run: [Vibbn3jf] C:\WINDOWS\dfivh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [pmz] C:\WINDOWS\pmz.exe
O4 - HKLM\..\Run: [jvkr1et0] C:\WINDOWS\System32\jvkr1et0.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - Global Startup: ikusbstart2.lnk = C:\ITOOLS\IntelliKeys USB\ikusbstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#8
Trevuren

Posted 10 October 2005 - 02:09 PM

Old Dog

Retired Staff
18,699 posts

Please provide a list of uninstallable programs.

To Provide a List of Installed Programs

Run HijackThis.
Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
Save list to Desktop
Copy the Notepad list and Paste it into this thread.

Trevuren

#9
matrixscatman

Posted 11 October 2005 - 01:36 PM

New Member

Topic Starter
Member
8 posts

Ad-Aware SE Personal
Adobe Acrobat 5.0
ALPS Touch Pad Driver
AOL Instant Messenger
AT&T Connection Services Manager
CCleaner (remove only)
Co:Writer 4000
Co:Writer Client Installer
Control Pad
DivX Player
Drag'n Drop CD
eReader
ewido security suite
Hijackthis 1.99.1
HijackThis 1.99.1
IBM ViaVoice Outloud Runtime v4.0 - US English
Inspiration 7.5
Intel® PRO Ethernet Adapter and Software
IntelliKeys USB
IntelliMathics
IntelliTalk II
Internet Optimizer
InterVideo WinDVD 4
ISTsvc
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player 8
Mathpad
MathPad Plus: Fractions and Decimals 1.03 for Windows
Media Access
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox (1.0.7)
Mozilla Thunderbird (1.0.6)
Network Device Switch 3
NVIDIA Windows 2000/XP Display Drivers
Power Scan
ProSiteFinder
Quick Links
Quicken 2001 New User Edition
QuickTime
RealPlayer Basic
Search Assistant
Select CashBack
Select CashBack
Select CashBack
Select CashBack
SideFind
Spybot - Search & Destroy 1.4
Sudoku War 1.00
Surf Accuracy
Symantec AntiVirus Client
The Tournament Director
Toshiba Access
TOSHIBA Console
TOSHIBA Controls
Toshiba Hotkey Utility for Display Devices
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Software Upgrades
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.04.00
TOSHIBA Utilities
Toshiba WinXP Registration
Type to Learn 3
Verizon Online Support Center
Viewpoint Media Player
Visual IP InSight(Verizon Online)
Winamp (remove only)
Windows XP Service Pack 1a
WinPoET v4.0
WriteOutLoud
YAMAHA AC-XG WDM
ZipScan Evaluation 2.2

#10
Trevuren

Posted 11 October 2005 - 01:48 PM

Old Dog

Retired Staff
18,699 posts

1. I want you to UNINSTALL the following programs, if present, through the ADD/REMOVE feature of your Control Panel:

Media Access
ISTsvc
Internet Optimizer
ProSiteFinder
SideFind

2. Now, using Windows Explorer, I need you to DELETE the following folder(s) and all their content:

C:\Program Files\Media Access
C:\Program Files\ISTsvc
C:\Program Files\Internet Optimizer
C:\Program Files\ProSiteFinder
C:\Program Files\SideFind

3. REBOOT your system

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

#11
matrixscatman

Posted 12 October 2005 - 02:09 PM

New Member

Topic Starter
Member
8 posts

i tryed to but the program files say there write protected, but i unintalled them. in the past, when i uninstalled them they just reproduced themselves.

#12
Trevuren

Posted 12 October 2005 - 05:44 PM

Old Dog

Retired Staff
18,699 posts

Please post a fresh HJT log for review,

Regards,

Trevuren

#13
matrixscatman

Posted 14 October 2005 - 10:25 AM

New Member

Topic Starter
Member
8 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:24:24 PM, on 10/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\jvkr1et0.exe
C:\Program Files\AIM\aim.exe
C:\ITOOLS\IntelliKeys USB\ikusb.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\kuqqu.exe
C:\Program Files\Winamp\Winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000000-0000-4CC7-9103-E0A0213EAA4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Windowns Alert Service] explore.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [jvkr1et0] C:\WINDOWS\System32\jvkr1et0.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\RunOnce: [ClrSchUninstall] C:\DOCUME~1\Tech\LOCALS~1\Temp\Uninstall.EXE -b
O4 - HKLM\..\RunOnce: [UninstallQL] C:\WINDOWS\System32\PreUninstallQL.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - Global Startup: ikusbstart2.lnk = C:\ITOOLS\IntelliKeys USB\ikusbstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#14
Trevuren

Posted 14 October 2005 - 11:55 AM

Old Dog

Retired Staff
18,699 posts

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:
- Go to start>control panel>folder options>view (tab)
- Choose to "show hidden files and folders,"
- Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
- Close the window with ok
Please RUN HijackThis.
. Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:

O2 - BHO: (no name) - {00000000-0000-4CC7-9103-E0A0213EAA4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [4fp4q3qk] C:\WINDOWS\System32\4fp4q3qk.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [jvkr1et0] C:\WINDOWS\System32\jvkr1et0.exe
O4 - HKLM\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] kuqqu.exe
O4 - HKLM\..\RunOnce: [ClrSchUninstall] C:\DOCUME~1\Tech\LOCALS~1\Temp\Uninstall.EXE -b
O4 - HKCU\..\Run: [Windowns Alert Service] explore.exe
O4 - HKCU\..\Run: [Windows IP Security Service] kuqqu.exe
O4 - HKCU\..\RunServices: [Windowns Alert Service] explore.exe
O4 - HKCU\..\RunServices: [Windows IP Security Service] kuqqu.exe
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode
- Restart the computer.
- As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
- Use the arrow keys to select the Safe mode menu item
- Press Enter.
Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

C:\Program Files\Internet Optimizer<==Folder
C:\WINDOWS\System32\jvkr1et0.exe
C:\WINDOWS\System32\kuqqu.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\4fp4q3qk.exe
C:\Program Files\ProSiteFinder
C:\Program Files\Media Access<==Folder
explore.exe<==You will have to search for this one and make sure that it is not a legit file by right clicking on it when you find it, choose properties and look in the different sections of the samll window for the company that made the file.
C:\DOCUME~1\Tech\LOCALS~1\Temp\Uninstall.EXE
Exit Explorer, and REBOOT BACK INTO NORMAL MODE
Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

#15
Trevuren

Posted 27 October 2005 - 04:16 PM

Old Dog

Retired Staff
18,699 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.