Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr Postmortem Debugger [resolved]

Started by plzhelpme , Feb 11 2005 09:41 AM

  • This topic is locked This topic is locked

#1
plzhelpme
Posted 11 February 2005 - 09:41 AM

plzhelpme

    New Member

  • Member
  • Pip
  • 6 posts
I see lots of this problem occuring and i was wondering if i should just follow other peoples threads as to what to do, and how far to follow thiers. Any help would be greatly appreciated
  • 0

Advertisements

#2
Guest_thatman_*
Posted 11 February 2005 - 09:45 AM

Guest_thatman_*
  • Guest
Welcome to geekstogo plzhelpme

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Kc :tazz:
  • 0

#3
plzhelpme
Posted 11 February 2005 - 07:45 PM

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
so far i downloaded the ad adware with all the settings suggested, but when i restarted my computer and scanned again about the same number of problems were found, i have done this about 4 times with the same results
  • 0

#4
Guest_thatman_*
Posted 12 February 2005 - 03:00 AM

Guest_thatman_*
  • Guest
Hi plzhelpme

Please post a HijackThis.Log

Kc :tazz:
  • 0

#5
plzhelpme
Posted 12 February 2005 - 02:53 PM

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.0
Scan saved at 2:51:07 PM, on 2/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\iecp32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan Tyrell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A970907-E04F-2619-61D4-DA07C2C0D521} - C:\WINDOWS\system32\addmd.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [addcm.exe] C:\WINDOWS\system32\addcm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\system32\iecp32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Old Aim\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\adddk.exe (file missing)
  • 0

#6
Guest_thatman_*
Posted 13 February 2005 - 02:04 AM

Guest_thatman_*
  • Guest
Hi plzhelpme

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {0A970907-E04F-2619-61D4-DA07C2C0D521} - C:\WINDOWS\system32\addmd.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [addcm.exe] C:\WINDOWS\system32\addcm.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\system32\iecp32.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\adddk.exe (file missing)

Then delete the following files (if they exist):

C:\WINDOWS\system32\ yzftt.dll <-Delete this file
C:\WINDOWS\system32\ iecp32.exe <-Delete this file
C:\Program Files\ LimeWire <-Delete this folder
C:\WINDOWS\system32\ addcm.exe <-Delete this file
C:\Program Files\ Viewpoint <-Delete this folder
C:\WINDOWS\system32\ adddk.exe <-Delete this file


Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0

#7
plzhelpme
Posted 13 February 2005 - 01:43 PM

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
i cant enable the hidden files becase i cant open my compter on desktop, but ill go ahead with the rest of what u said
  • 0

#8
Guest_thatman_*
Posted 14 February 2005 - 01:39 PM

Guest_thatman_*
  • Guest
Hi plzhelpme

Please download the newest version of l2mfix from here:

http://www.atribune....oads/l2mfix.exe

Your winlogon keys got blown away by the vx2 infection. Please run l2mfix.bat again and choose option #4 to restore those winlogon entries.

Thanks :tazz:
  • 0

#9
plzhelpme
Posted 18 February 2005 - 01:27 PM

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.0
Scan saved at 1:25:09 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Old Aim\aim.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Ryan Tyrell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Old Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Scanned at: 9:04:08 PM on: 2/13/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\addmx32.dll:bulsi
C:\WINDOWS\bcvwh.log:fldvj
C:\WINDOWS\cfxtx.dll:zwzpu
C:\WINDOWS\czrsu.dat:xjnag
C:\WINDOWS\egrie.dat:epkjo
C:\WINDOWS\egtic.dll:xpvwq
C:\WINDOWS\eReg.dat:dujjv
C:\WINDOWS\explorer.exe:ovmus
C:\WINDOWS\fgqdy.dat:bbfzn
C:\WINDOWS\fphxk.dll:mlikf
C:\WINDOWS\gxdos.dll:owbns
C:\WINDOWS\gzecy.log:zmpjc
C:\WINDOWS\hdlml.dat:ltovv
C:\WINDOWS\hrimw.dat:vpvmv
C:\WINDOWS\hsnyc.txt:vziiy
C:\WINDOWS\KB817778.log:dxauy
C:\WINDOWS\KB828035.log:qhaic
C:\WINDOWS\KB835732.log:bikow
C:\WINDOWS\kfdrm.dll:iftwz
C:\WINDOWS\MSDFMAP.INI:lkofm
C:\WINDOWS\msfsetup.ini:tkgpr
C:\WINDOWS\NCUNINST.EXE:wduea
C:\WINDOWS\netscape.ico:lezvt
C:\WINDOWS\OEWABLog.txt:cbdhm
C:\WINDOWS\oyebr.dat:cbtbu
C:\WINDOWS\P16x.ini:qitwv
C:\WINDOWS\PROTOCOL.INI:edpqz
C:\WINDOWS\Q311967.log:fbqjh
C:\WINDOWS\Q329048.log:kscrr
C:\WINDOWS\Q329170.log:uxxsu
C:\WINDOWS\Q810565.log:iasou
C:\WINDOWS\Q811493.log:bbctw
C:\WINDOWS\Q811630.log:ewcib
C:\WINDOWS\Q815021.log:lbrbn
C:\WINDOWS\Q819696.log:vubgp
C:\WINDOWS\Rhododendron.bmp:meicd
C:\WINDOWS\rqmuo.txt:ietae
C:\WINDOWS\SBMIXDEF.INI:omwtq
C:\WINDOWS\scunin.dat:hnpys
C:\WINDOWS\SETUPACT.LOG:zfhhm
C:\WINDOWS\setupapi.log.0.old:rbdpa
C:\WINDOWS\TASKMAN.EXE:zayrs
C:\WINDOWS\thpag.dll:cbkjo
C:\WINDOWS\TWAIN.DLL:ztrod
C:\WINDOWS\TWUNK_32.EXE:zvdnb
C:\WINDOWS\Virtual Slideshow.scr:ckzld
C:\WINDOWS\VMINST.LOG:vkrqf
C:\WINDOWS\wanmpsvc.exe:kbbbn
C:\WINDOWS\wczki.log:utiau
C:\WINDOWS\WIN.INI:nojry
C:\WINDOWS\winamp.ini:bqtzl
C:\WINDOWS\WindowsUpdate.log:urmen
C:\WINDOWS\WMSysPrx.prx:fsavf


Removed 6 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\addmx32.dll:bulsi
C:\WINDOWS\bcvwh.log:fldvj
C:\WINDOWS\cfxtx.dll:zwzpu
C:\WINDOWS\czrsu.dat:xjnag
C:\WINDOWS\egrie.dat:epkjo
C:\WINDOWS\egtic.dll:xpvwq
C:\WINDOWS\eReg.dat:dujjv
C:\WINDOWS\explorer.exe:ovmus
C:\WINDOWS\fgqdy.dat:bbfzn
C:\WINDOWS\fphxk.dll:mlikf
C:\WINDOWS\gxdos.dll:owbns
C:\WINDOWS\gzecy.log:zmpjc
C:\WINDOWS\hdlml.dat:ltovv
C:\WINDOWS\hrimw.dat:vpvmv
C:\WINDOWS\hsnyc.txt:vziiy
C:\WINDOWS\KB817778.log:dxauy
C:\WINDOWS\KB828035.log:qhaic
C:\WINDOWS\KB835732.log:bikow
C:\WINDOWS\kfdrm.dll:iftwz
C:\WINDOWS\MSDFMAP.INI:lkofm
C:\WINDOWS\msfsetup.ini:tkgpr
C:\WINDOWS\NCUNINST.EXE:wduea
C:\WINDOWS\netscape.ico:lezvt
C:\WINDOWS\OEWABLog.txt:cbdhm
C:\WINDOWS\oyebr.dat:cbtbu
C:\WINDOWS\P16x.ini:qitwv
C:\WINDOWS\PROTOCOL.INI:edpqz
C:\WINDOWS\Q311967.log:fbqjh
C:\WINDOWS\Q329048.log:kscrr
C:\WINDOWS\Q329170.log:uxxsu
C:\WINDOWS\Q810565.log:iasou
C:\WINDOWS\Q811493.log:bbctw
C:\WINDOWS\Q811630.log:ewcib
C:\WINDOWS\Q815021.log:lbrbn
C:\WINDOWS\Q819696.log:vubgp
C:\WINDOWS\Rhododendron.bmp:meicd
C:\WINDOWS\rqmuo.txt:ietae
C:\WINDOWS\SBMIXDEF.INI:omwtq
C:\WINDOWS\scunin.dat:hnpys
C:\WINDOWS\SETUPACT.LOG:zfhhm
C:\WINDOWS\setupapi.log.0.old:rbdpa
C:\WINDOWS\TASKMAN.EXE:zayrs
C:\WINDOWS\thpag.dll:cbkjo
C:\WINDOWS\TWAIN.DLL:ztrod
C:\WINDOWS\TWUNK_32.EXE:zvdnb
C:\WINDOWS\Virtual Slideshow.scr:ckzld
C:\WINDOWS\VMINST.LOG:vkrqf
C:\WINDOWS\wanmpsvc.exe:kbbbn
C:\WINDOWS\wczki.log:utiau
C:\WINDOWS\WIN.INI:nojry
C:\WINDOWS\winamp.ini:bqtzl
C:\WINDOWS\WindowsUpdate.log:urmen
C:\WINDOWS\WMSysPrx.prx:fsavf


Attempted Clean Of Temp folder.
Pages Reset... Done!
  • 0

#10
plzhelpme
Posted 18 February 2005 - 01:32 PM

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
should i not install limewire, and why not ?
  • 0

#11
Guest_thatman_*
Posted 19 February 2005 - 05:51 AM

Guest_thatman_*
  • Guest
Hi plzhelpme

Please take a look at this: http://startup.iamno...meWire.exe.html

LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number.
Note - as with all P2P sharing programs they are susceptible to various forms of malware.

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats. :thumbsup:

Kc ;)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP