First in a series of unfortunate events



#1
Good_guy

1. The dialog of taskpanl.exe entry point not found pops up every time I restart my computer.
2. When running S&D 20ish instances of spyware do not get removed, even on running at next startup or in safe mode.
3. Windows thought bubble stating antivirus software not installed pops every boot. When I try to install NAV 06 it states that I must first uninstall previous versions; however, Norton is no longer listed on my add/remove programs list.

(mark) help me help me help me, oh god, somebody please help me

Logfile of HijackThis v1.99.1
Scan saved at 3:31:45 PM, on 10/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Mary Schroeder\My Documents\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Desktop\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mary Schroeder\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Mary Schroeder\Application Data\Mozilla\Profiles\default\ae3inw7z.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mary Schroeder\Application Data\Mozilla\Profiles\default\ae3inw7z.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "d:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "d:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Documents and Settings\Mary Schroeder\My Documents\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [E6TaskPanel] "D:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.excite.com
O16 - DPF: Yahoo! Chat -
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...oducts/vmp.html
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} -
O16 - DPF: {2AD5DBAE-2DDB-11D4-A96C-00E09872DF17} (PrintRoomUploader Class) - http://www.printroom...mUploaderX3.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

#2
tampabelle

1) Please download msicuu2.exe

Unzip the files (using a standard package like WinZip or WinRAR etc.). From the extracted files, run the file msicuu.exe.

It will give you a list of programs. Please post back the entire list in your next reply.


2) Please post the Spybot Scan report


3) Please go to Norton Uninstall Instructions.

Here you will get the complete set of instructions to uninstall Norton.

Let me know how it goes.

#3
Good_guy

Here is the S&D report, and attached is a list of installation files: programs.JPG
--- Report generated: 2005-10-06 12:05 ---

HitsLink: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitsLink: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitsLink: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitsLink: Tracking cookie (Mozilla: default) (Cookie, nothing done)


AbetterInternet.Aurora: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Mvu

AbetterInternet.Aurora: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Mvu

AbetterInternet.Aurora: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Mvu

AbetterInternet.Aurora: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Mvu

Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Mozilla: default) (Cookie, nothing done)


BFast: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Delfin Project: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\picsvr

Delfin Project: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\picsvr

Delfin Project: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\picsvr

Delfin Project: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\picsvr

DoubleClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HotsearchBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Ceres

HotsearchBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Ceres

HotsearchBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Ceres

HotsearchBar: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Ceres

kz515.com: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\kz515

kz515.com: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\kz515

kz515.com: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\kz515

kz515.com: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\kz515

MediaPlex: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Pacimedia: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\PSoft1

Pacimedia: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\PSoft1

Pacimedia: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\PSoft1

Pacimedia: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\PSoft1


--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\LSP.sbi
2005-09-30 Includes\Cookies.sbi
2005-09-30 Includes\Dialer.sbi
2005-09-30 Includes\Hijackers.sbi
2005-09-30 Includes\Keyloggers.sbi
2005-09-30 Includes\Malware.sbi
2005-09-30 Includes\Revision.sbi
2005-09-30 Includes\Security.sbi
2005-09-30 Includes\Spybots.sbi
2005-09-30 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2005-09-30 Includes\PUPS.sbi

#4
tampabelle

Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.

#5
Good_guy

I have used spy sweeper in the past and it won't allow me to do another free trial. Sorry.

#6
tampabelle

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping the F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Finally, restart your computer back into Normal Mode and please post the ewido report log from the Ewido scan by using Add Reply.

Also, can you post the list of programs which are listed when you run msicuu.exe? I don't want the list of programs installed on your PC (as listed by Spybot or otherwise).