[X_poison_girl_x]

I've run spybot- search & destroy but it just found cookies and Adware just finds nothing at all. Im sure I have spyware because I keep getting these pop-ups. Please help me get rid of them..


Here is the log.


Logfile of HijackThis v1.99.1
Scan saved at 7:28:39 PM, on 12/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Documents and Settings\Owner\Desktop\TOOLS\spyware tools\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1115336617718
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Owner\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[Advertisements]

** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection and Ad-Watch. They will interfere with the changes we are trying to make.

• Open MS Anti-Spyware and click on Options > Settings.
• Click on "Realtime Protection" in the left pane.
• Remove the check by these:
  • Enable the Microsoft Security Agents on startup (recommended)
  • Enable real-time spyware threat protection (recommended)
• Click "Save"
• Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
• Leave it disabled until we are finished here.

• Open AdAware SE and click on the Ad-Watch button on the left.
• Click on the "Tools" button at the bottom.
• Click on the Options button on the left.
• Uncheck "Load Ad-Watch on Windows start up".
• At the bottom of the Ad-Watch screen there will be two checkable items called "Active" and "Automatic".
• Uncheck both of those boxes.
• Right click the Ad-Watch icon in the System Tray and choose "Unload Ad-Watch"
• Leave them disabled until we are finished here.
• Important! Make sure you remember to re-enable these options when we are finished.

*Download Cleanup from here

• Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
• Click the Options... button on the right.
• Move the arrow down to "Custom CleanUp!"
• Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
  Click OK
• DO NOT RUN IT YET

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ms-update] scvhost.exe

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe

O4 - HKLM\..\RunServices: [ms-update] scvhost.exe


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

• Put a tick by Standard File Kill.
• In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
• Click on the button that has the red circle with the X in the middle after you enter each file.
• It will ask for confimation to delete the file.
• Click Yes.
• Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\CSBB

c:\windows\system32\scvhost.exe

c:\windows\scvhost.exe

Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Run Cleanup:

• Click on the "Cleanup" button and let it run.
• Once its done, close the program.

* Go to Control Panel > Internet Options.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

[Flrman1]

** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection and Ad-Watch. They will interfere with the changes we are trying to make.

• Open MS Anti-Spyware and click on Options > Settings.
• Click on "Realtime Protection" in the left pane.
• Remove the check by these:
  • Enable the Microsoft Security Agents on startup (recommended)
  • Enable real-time spyware threat protection (recommended)
• Click "Save"
• Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
• Leave it disabled until we are finished here.

• Open AdAware SE and click on the Ad-Watch button on the left.
• Click on the "Tools" button at the bottom.
• Click on the Options button on the left.
• Uncheck "Load Ad-Watch on Windows start up".
• At the bottom of the Ad-Watch screen there will be two checkable items called "Active" and "Automatic".
• Uncheck both of those boxes.
• Right click the Ad-Watch icon in the System Tray and choose "Unload Ad-Watch"
• Leave them disabled until we are finished here.
• Important! Make sure you remember to re-enable these options when we are finished.

*Download Cleanup from here

• Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
• Click the Options... button on the right.
• Move the arrow down to "Custom CleanUp!"
• Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
  Click OK
• DO NOT RUN IT YET

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ms-update] scvhost.exe

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe

O4 - HKLM\..\RunServices: [ms-update] scvhost.exe


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

• Put a tick by Standard File Kill.
• In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
• Click on the button that has the red circle with the X in the middle after you enter each file.
• It will ask for confimation to delete the file.
• Click Yes.
• Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\CSBB

c:\windows\system32\scvhost.exe

c:\windows\scvhost.exe

Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Run Cleanup:

• Click on the "Cleanup" button and let it run.
• Once its done, close the program.

* Go to Control Panel > Internet Options.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

[X_poison_girl_x]

The Active Scan log (before it was disinfected)



Incident Status Location

Adware:Adware/CommAd Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\asappsrv.dll.q_105FDE02_q
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\mc-110-12-0000137.exe.q_1C6DAACA_q
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-544f85b2-3a84b603.zip[Dummy.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-5d046d96.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-790a8f75.zip[InstallerApplet.class]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Haute tension - Retour à Malaveil .zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Havarie (2005).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Have Mercy on Us All (2006).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Haveli (Xvid).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Haven't We Met Before (DivX).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Haven, The (2002) (Xvid).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hawa (2003) (Xvid).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hawaii Five-O Cocoon (DVD RIP).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hawaiian Dick (2006) (DVD Screener).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hawaiian One (2002) (V) (Xvid).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hawk, The (DVD RIP).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\Hay que matar a B. (DivX).zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Documents and Settings\Owner\Complete\His Father's Deputy (DVD RIP).zip[Movie.exe]
Adware:adware/popuper Not disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy.url
Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab
Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab[eied_s7_c_29.exe]
Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab[eied.inf]
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\Download\freeprodtb.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\Download\mc-110-12-0000137.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000137.0xe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\Windows\services32.exe
Adware:Adware/CommAd Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2099B893-7345-4264-9859-A8D1FC\89C8FD1E-B9C8-4BD7-8D2C-34ACED
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Program Files\MsUpdate\a.zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Not disinfected C:\Program Files\MsUpdate\MSUPDATE.0XE
Possible Virus. Not disinfected C:\q131134.0xe
Virus:Trj/Femad.E Not disinfected C:\q541473.0xe
Possible Virus. Not disinfected C:\q614715.0xe
Adware:Adware/StartPage.AES Not disinfected C:\q626464.0xe
Virus:Trj/Downloader.FGB Not disinfected C:\q805999.0xe
Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/searchaid Not disinfected C:\WINDOWS\sdkeg32.exe
Virus:Trj/Agent.AEA Not disinfected C:\WINDOWS\system32\GXM.0LL
Virus:W32/Sdbot.FET.worm Not disinfected C:\WINDOWS\system32\scvhost.0xe
Virus:Exploit/CodeBase.A Not disinfected C:\x.htm
Virus:W32/Sdbot.FET.worm Not disinfected C:\xz.0xe







Logfile of HijackThis v1.99.1
Scan saved at 10:08:50 PM, on 12/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1135484860\ee\aolsoftware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\TOOLS\spyware tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1115336617718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC0022-69AF-4708-9957-20ED3BB74229}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Owner\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe




When I tried to kill these files in safe mode
C:\Program Files\CSBB

c:\windows\system32\scvhost.exe

c:\windows\scvhost.exe

None existed.

[Flrman1]

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Go to Start > Control Panel > Java. On the General tab under "Temporary Internet Files" click the "Delete Files" button to clear the Java cache.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

• Put a tick by Standard File Kill.
• In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
• Click on the button that has the red circle with the X in the middle after you enter each file.
• It will ask for confimation to delete the file.
• Click Yes.
• Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Documents and Settings\All Users\Application Data\SecTaskMan\asappsrv.dll

C:\Documents and Settings\All Users\Application Data\SecTaskMan\mc-110-12-0000137.exe

C:\Documents and Settings\Owner\Complete\Haute tension - Retour à Malaveil .zip

C:\Documents and Settings\Owner\Complete\Havarie (2005).zip

C:\Documents and Settings\Owner\Complete\Have Mercy on Us All (2006).zip

C:\Documents and Settings\Owner\Complete\Haveli (Xvid).zip

C:\Documents and Settings\Owner\Complete\Haven't We Met Before (DivX).zip

C:\Documents and Settings\Owner\Complete\Haven, The (2002) (Xvid).zip

C:\Documents and Settings\Owner\Complete\Hawa (2003) (Xvid).zip

C:\Documents and Settings\Owner\Complete\Hawaii Five-O Cocoon (DVD RIP).zip

C:\Documents and Settings\Owner\Complete\Hawaiian Dick (2006) (DVD Screener).zip

C:\Documents and Settings\Owner\Complete\Hawaiian One (2002) (V) (Xvid).zip

C:\Documents and Settings\Owner\Complete\Hawk, The (DVD RIP).zip

C:\Documents and Settings\Owner\Complete\Hay que matar a B. (DivX).zip

C:\Documents and Settings\Owner\Complete\His Father's Deputy (DVD RIP).zip

C:\Documents and Settings\Owner\Favorites\Online Pharmacy.url

C:\eied_s7.cab

C:\eied_s7.cab[eied_s7_c_29.exe

C:\eied_s7.cab

C:\Program Files\Common Files\Download\freeprodtb.exe

C:\Program Files\Common Files\Download\mc-110-12-0000137.exe

C:\Program Files\Common Files\InetGet

C:\Program Files\Common Files\Windows

C:\Program Files\MsUpdate

C:\q131134.0xe

C:\q541473.0xe

C:\q614715.0xe

C:\q626464.0xe

C:\q805999.0xe

C:\WINDOWS\cfgmgr52.ini

C:\WINDOWS\kwv2.dat

C:\WINDOWS\sdkeg32.exe

C:\WINDOWS\system32\GXM.0LL

C:\WINDOWS\system32\scvhost.0xe

C:\x.htm

C:\xz.0xe

Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it.
Save the results from the scan.

Post a new HiJackThis log along with the report from the Housecall scan

[X_poison_girl_x]

Scanning and Cleaning Complete
HouseCall did not find any potential threats on your computer. Make sure you run HouseCall once a week to keep your PC clean and malware free.

Logfile of HijackThis v1.99.1
Scan saved at 2:13:44 PM, on 1/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\AIM\aim.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1135484860\EE\AOLSOFTWARE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\Documents and Settings\Owner\Desktop\TOOLS\spyware tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1115336617718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC0022-69AF-4708-9957-20ED3BB74229}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Owner\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe




The Virus scanner found nothing, but im sure I have spyware because I keep getting these annoying pop ups.

[Flrman1]

** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.

• Open MS Anti-Spyware and click on Options > Settings.
• Click on "Realtime Protection" in the left pane.
• Remove the check by these:
  • Enable the Microsoft Security Agents on startup (recommended)
  • Enable real-time spyware threat protection (recommended)
• Click "Save"
• Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
• Leave it disabled until we are finished here.

* Run Hijack This again and put a check by this entry. Close ALL windows except HijackThis and click "Fix checked"


O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe


* Double-click on Killbox.exe to run it. Now put a tick by Delete on Reboot. In the "Full Path of File to Delete" box, copy and paste the following line then click on the button that has the red circle with the X in the middle.

C:\Program Files\CSBB

When it asks to reboot now, click yes and let it reboot.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

[X_poison_girl_x]

I got some werid message from Killbox.

"Pendingfilerenameoperations registry data has been removed by external process!"

Hmm..

So because of that message I tried to do a standard kill but it said the file doesn't exist.





The virus scan only found cookies which I deleted.



Logfile of HijackThis v1.99.1
Scan saved at 3:28:49 PM, on 1/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1135484860\ee\aolsoftware.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\TOOLS\spyware tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1115336617718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC0022-69AF-4708-9957-20ED3BB74229}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Owner\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Edited by X_poison_girl_x, 02 January 2006 - 02:29 PM.

[Flrman1]

How is everything now?

[X_poison_girl_x]

Im still getting pop-ups..

[Flrman1]

* Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.


* Also download Rootkit Revealer from here (link is at the very bottom of the page).

• Unzip it to your desktop.
• Open the rootkitrevealer folder and double-click rootkitrevealer.exe
• Click the Scan button (bottom right)
• It may take a while to scan (don't do anything while it's running)
• When it's done, go up to File > Save. Choose to save it to your desktop.
• Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

[X_poison_girl_x]

The installed programs list

Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Mozilla Firefox (1.5)
MP3 Splitter
Neopets
Network Play System (Patching)
NVIDIA DVD Decoder
Panda ActiveScan
QuickTime
RealPlayer
Security Task Manager 1.6f
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Snes9x
Spybot - Search & Destroy 1.4
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB905915
WinMX
WinZip
Yahoo! Messenger


The Rootkit Revealer list is way too long to post. Can I add it as an attachment?

Edited by X_poison_girl_x, 03 January 2006 - 04:47 AM.

[Flrman1]

The Rootkit Revealer list is way too long to post. Can I add it as an attachment?

Yes, add it as an attachment.

You didn't post all of the uninstall list either. Please post all of it.

[X_poison_girl_x]

The uninstall listed.

ACDSee 8
Acoustica Audio Converter Pro
Ad-aware 6 Professional
Adobe Reader 7.0
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Broadcom 440x 10/100 Integrated Controller
Burn4Free CD & DVD 1.1.5.0
CDisplay 1.8
CleanUp!
Dell Photo Printer 720
Dell ResourceCD
DivX
DivX Player
Easy GIF Animator 3.2
eMule
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 5
LimeWire PRO 4.8.1
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Memory Key Boot Utility
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Mozilla Firefox (1.5)
MP3 Splitter
Neopets
Network Play System (Patching)
NVIDIA DVD Decoder
Panda ActiveScan
QuickTime
RealPlayer
Security Task Manager 1.6f
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Snes9x
Spybot - Search & Destroy 1.4
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB905915
WinMX
WinZip
Yahoo! Messenger

Im pretty sure thats all of it because I just copy and pasted it from the log I saved from Hijack This.

[X_poison_girl_x]

Im confused..

I attached the file, but I don't see the attachment anywhere on my post.

[Flrman1]

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click here to download AproposFix.

• Save it to your desktop but do NOT run it yet.
• Restart your computer to safe mode
• Click here for info on how to boot to safe mode if you don't already know how.
• Once in Safe Mode, double-click the aproposfix.exe and unzip it to the desktop.
• Open the aproposfix folder on your desktop and run RunThis.bat to run the fix.
• Follow the prompts.
• When the tool is finished, restart your computer back into Windows normal mode.
• Post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.