Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr Postmortem Debugger [resolved]


  • This topic is locked This topic is locked

#1
plzhelpme

plzhelpme

    New Member

  • Member
  • Pip
  • 6 posts
I see lots of this problem occuring and i was wondering if i should just follow other peoples threads as to what to do, and how far to follow thiers. Any help would be greatly appreciated
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Welcome to geekstogo plzhelpme

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Kc :tazz:
  • 0

#3
plzhelpme

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
so far i downloaded the ad adware with all the settings suggested, but when i restarted my computer and scanned again about the same number of problems were found, i have done this about 4 times with the same results
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi plzhelpme

Please post a HijackThis.Log

Kc :tazz:
  • 0

#5
plzhelpme

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.0
Scan saved at 2:51:07 PM, on 2/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\iecp32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan Tyrell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A970907-E04F-2619-61D4-DA07C2C0D521} - C:\WINDOWS\system32\addmd.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [addcm.exe] C:\WINDOWS\system32\addcm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\system32\iecp32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Old Aim\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\adddk.exe (file missing)
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi plzhelpme

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yzftt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {0A970907-E04F-2619-61D4-DA07C2C0D521} - C:\WINDOWS\system32\addmd.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [addcm.exe] C:\WINDOWS\system32\addcm.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\system32\iecp32.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\adddk.exe (file missing)


Then delete the following files (if they exist):

C:\WINDOWS\system32\ yzftt.dll <-Delete this file
C:\WINDOWS\system32\ iecp32.exe <-Delete this file
C:\Program Files\ LimeWire <-Delete this folder
C:\WINDOWS\system32\ addcm.exe <-Delete this file
C:\Program Files\ Viewpoint <-Delete this folder
C:\WINDOWS\system32\ adddk.exe <-Delete this file


Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0

#7
plzhelpme

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
i cant enable the hidden files becase i cant open my compter on desktop, but ill go ahead with the rest of what u said
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi plzhelpme

Please download the newest version of l2mfix from here:

http://www.atribune....oads/l2mfix.exe

Your winlogon keys got blown away by the vx2 infection. Please run l2mfix.bat again and choose option #4 to restore those winlogon entries.

Thanks :tazz:
  • 0

#9
plzhelpme

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.0
Scan saved at 1:25:09 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Old Aim\aim.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Ryan Tyrell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Old Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Scanned at: 9:04:08 PM on: 2/13/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\addmx32.dll:bulsi
C:\WINDOWS\bcvwh.log:fldvj
C:\WINDOWS\cfxtx.dll:zwzpu
C:\WINDOWS\czrsu.dat:xjnag
C:\WINDOWS\egrie.dat:epkjo
C:\WINDOWS\egtic.dll:xpvwq
C:\WINDOWS\eReg.dat:dujjv
C:\WINDOWS\explorer.exe:ovmus
C:\WINDOWS\fgqdy.dat:bbfzn
C:\WINDOWS\fphxk.dll:mlikf
C:\WINDOWS\gxdos.dll:owbns
C:\WINDOWS\gzecy.log:zmpjc
C:\WINDOWS\hdlml.dat:ltovv
C:\WINDOWS\hrimw.dat:vpvmv
C:\WINDOWS\hsnyc.txt:vziiy
C:\WINDOWS\KB817778.log:dxauy
C:\WINDOWS\KB828035.log:qhaic
C:\WINDOWS\KB835732.log:bikow
C:\WINDOWS\kfdrm.dll:iftwz
C:\WINDOWS\MSDFMAP.INI:lkofm
C:\WINDOWS\msfsetup.ini:tkgpr
C:\WINDOWS\NCUNINST.EXE:wduea
C:\WINDOWS\netscape.ico:lezvt
C:\WINDOWS\OEWABLog.txt:cbdhm
C:\WINDOWS\oyebr.dat:cbtbu
C:\WINDOWS\P16x.ini:qitwv
C:\WINDOWS\PROTOCOL.INI:edpqz
C:\WINDOWS\Q311967.log:fbqjh
C:\WINDOWS\Q329048.log:kscrr
C:\WINDOWS\Q329170.log:uxxsu
C:\WINDOWS\Q810565.log:iasou
C:\WINDOWS\Q811493.log:bbctw
C:\WINDOWS\Q811630.log:ewcib
C:\WINDOWS\Q815021.log:lbrbn
C:\WINDOWS\Q819696.log:vubgp
C:\WINDOWS\Rhododendron.bmp:meicd
C:\WINDOWS\rqmuo.txt:ietae
C:\WINDOWS\SBMIXDEF.INI:omwtq
C:\WINDOWS\scunin.dat:hnpys
C:\WINDOWS\SETUPACT.LOG:zfhhm
C:\WINDOWS\setupapi.log.0.old:rbdpa
C:\WINDOWS\TASKMAN.EXE:zayrs
C:\WINDOWS\thpag.dll:cbkjo
C:\WINDOWS\TWAIN.DLL:ztrod
C:\WINDOWS\TWUNK_32.EXE:zvdnb
C:\WINDOWS\Virtual Slideshow.scr:ckzld
C:\WINDOWS\VMINST.LOG:vkrqf
C:\WINDOWS\wanmpsvc.exe:kbbbn
C:\WINDOWS\wczki.log:utiau
C:\WINDOWS\WIN.INI:nojry
C:\WINDOWS\winamp.ini:bqtzl
C:\WINDOWS\WindowsUpdate.log:urmen
C:\WINDOWS\WMSysPrx.prx:fsavf


Removed 6 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\addmx32.dll:bulsi
C:\WINDOWS\bcvwh.log:fldvj
C:\WINDOWS\cfxtx.dll:zwzpu
C:\WINDOWS\czrsu.dat:xjnag
C:\WINDOWS\egrie.dat:epkjo
C:\WINDOWS\egtic.dll:xpvwq
C:\WINDOWS\eReg.dat:dujjv
C:\WINDOWS\explorer.exe:ovmus
C:\WINDOWS\fgqdy.dat:bbfzn
C:\WINDOWS\fphxk.dll:mlikf
C:\WINDOWS\gxdos.dll:owbns
C:\WINDOWS\gzecy.log:zmpjc
C:\WINDOWS\hdlml.dat:ltovv
C:\WINDOWS\hrimw.dat:vpvmv
C:\WINDOWS\hsnyc.txt:vziiy
C:\WINDOWS\KB817778.log:dxauy
C:\WINDOWS\KB828035.log:qhaic
C:\WINDOWS\KB835732.log:bikow
C:\WINDOWS\kfdrm.dll:iftwz
C:\WINDOWS\MSDFMAP.INI:lkofm
C:\WINDOWS\msfsetup.ini:tkgpr
C:\WINDOWS\NCUNINST.EXE:wduea
C:\WINDOWS\netscape.ico:lezvt
C:\WINDOWS\OEWABLog.txt:cbdhm
C:\WINDOWS\oyebr.dat:cbtbu
C:\WINDOWS\P16x.ini:qitwv
C:\WINDOWS\PROTOCOL.INI:edpqz
C:\WINDOWS\Q311967.log:fbqjh
C:\WINDOWS\Q329048.log:kscrr
C:\WINDOWS\Q329170.log:uxxsu
C:\WINDOWS\Q810565.log:iasou
C:\WINDOWS\Q811493.log:bbctw
C:\WINDOWS\Q811630.log:ewcib
C:\WINDOWS\Q815021.log:lbrbn
C:\WINDOWS\Q819696.log:vubgp
C:\WINDOWS\Rhododendron.bmp:meicd
C:\WINDOWS\rqmuo.txt:ietae
C:\WINDOWS\SBMIXDEF.INI:omwtq
C:\WINDOWS\scunin.dat:hnpys
C:\WINDOWS\SETUPACT.LOG:zfhhm
C:\WINDOWS\setupapi.log.0.old:rbdpa
C:\WINDOWS\TASKMAN.EXE:zayrs
C:\WINDOWS\thpag.dll:cbkjo
C:\WINDOWS\TWAIN.DLL:ztrod
C:\WINDOWS\TWUNK_32.EXE:zvdnb
C:\WINDOWS\Virtual Slideshow.scr:ckzld
C:\WINDOWS\VMINST.LOG:vkrqf
C:\WINDOWS\wanmpsvc.exe:kbbbn
C:\WINDOWS\wczki.log:utiau
C:\WINDOWS\WIN.INI:nojry
C:\WINDOWS\winamp.ini:bqtzl
C:\WINDOWS\WindowsUpdate.log:urmen
C:\WINDOWS\WMSysPrx.prx:fsavf


Attempted Clean Of Temp folder.
Pages Reset... Done!
  • 0

#10
plzhelpme

plzhelpme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
should i not install limewire, and why not ?
  • 0

#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi plzhelpme

Please take a look at this: http://startup.iamno...meWire.exe.html

LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number.
Note - as with all P2P sharing programs they are susceptible to various forms of malware.


Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats. :thumbsup:

Kc ;)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP