TheTechGuide Forum
General Category => Tech Clinic => Topic started by: mengskx on June 15, 2006, 01:58:28 PM
-
Ive had this computer for a long time now. It is a 70gig hard drive, but over the years I and other users have accumulated a bunch of files on the computer that arent ever being used. Is there a way to clean up the computers unused files. I used Cleanup40 and Ewido Security which seemed to help a lot but theres still a lot of stuff I have no idea how it got on the computer and I dont want to delete something important to the system.
-
It would be hard for me to tell you what files you can delete or not
You would have to go thru dates and file types and determine if they are needed or not
But I can help if there is malware that may be slowing the system down
Can you do the following
From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here.
-
Logfile of HijackThis v1.99.1
Scan saved at 4:54:38 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/ (http://\"http://google.imesh.com/search/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided
by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:800
0;https=sas.r5.attbi.co
m:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-
US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11
\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} -
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program
Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI
Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1
\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/pt0_x.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1
\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security
suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program
Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation -
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
\nvsvc32.exe
-
Can you do the following please
You are controlling entries on startup with Msconfig
This disables me from seeing everything in your log
If you are hiding malware we must remove it and not disable it
Can you go to START>>RUN>>type in msconfig
Under the Startup and Services tab ensure everything is enabled
Under the General tab ensure Normal startup is selected
Apply it and Close
Reboot when prompted
Come back here and post a fresh hijackthis log
Before you copy the fresh log in notepad, can you click on FORMAT>>UNCHECK Word Wrap
Then go ahead and copy the log
This will remove the spaces in your log
-
When I enabled everything my internet wouldnt work, I had to use another computer to go online.
Logfile of HijackThis v1.99.1
Scan saved at 6:52:43 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Desktop\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/ (http://\"http://google.imesh.com/search/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:800
0;https=sas.r5.attbi.com:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/pt0_x.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-
Can you also let me know the following
I see entries related to AOL>>Do you use this?
I see entries related too Comcast, you appear to be a WOW(WideOpenWest) subscriber
Did you or do you use Comcast?
I see an entry related too Zero Knowledge Freedom, what products do you use of their's?
I see Party Poker, did you knowing install it?
Net2Phone>>An Internet telephony application. Needed only if you have an account at http://web.net2phone.com/Net2Phone (http://\"http://web.net2phone.com/Net2Phone\") Inc
Imesh>>Free version contains spyware, I would uninstall it
go with something that is spyware free
SpySweeper>>Is this the trial version of full paid version?
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
Remember to ensure Word Wrap is unchecked before copying the log
-
The only AOL thing I use is instant messenger.
I have WOW
I don’t use Zero Knowledge Freedom
I do play on Party Poker
Spy Sweeper was only the trial version
I uninstalled and deleted the imesh files
I use LimeWire
INSTALLED SOFTWARE (203) - YOUR-W92P4BHLZG - 6/18/2006 12:47:55 PM
Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat 5.0 Ver: 5.0
AltoMP3 Maker 3.12
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
ATI Multimedia Center 7.9.0.0
Audio Conversion Wizard 1.8 Ver: 1.8
AutoUpdate Ver: 1.0
Blaze Media Pro
Blaze Media Pro Ver: 6.0 Installed: 4/19/2006
Camera Support Core Library Ver: 7.2.0.4 Installed: 5/9/2005
Camera Window DS Ver: 5.1 Installed: 5/9/2005
Camera Window DVC Ver: 5.1 Installed: 5/9/2005
Camera Window MC Ver: 5.1 Installed: 5/9/2005
Canon Camera Support Core Library Ver: 7.2.0.4 Installed: 5/9/2005
Canon Camera Window DS for ZoomBrowser EX Ver: 5.1 Installed: 5/9/2005
Canon Camera Window DVC for ZoomBrowser EX Ver: 5.1 Installed: 5/9/2005
Canon Camera Window for ZoomBrowser EX Ver: 5.1 Installed: 5/9/2005
Canon MovieEdit Task for ZoomBrowser EX Ver: 1.3.0.19 Installed: 5/9/2005
Canon PhotoRecord Ver: 02.02.01000 Installed: 5/9/2005
Canon RAW Image Task for ZoomBrowser EX Ver: 2.0 Installed: 5/9/2005
Canon RemoteCapture Task for ZoomBrowser EX Ver: 1.1 Installed: 5/9/2005
Canon Utilities PhotoStitch 3.1 Ver: 3.1.14 Installed: 5/9/2005
Canon ZoomBrowser EX Ver: 5.00.0000 Installed: 5/9/2005
Chaos Pack 1.00 for Pocket Tanks Deluxe
CleanUp!
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
DAO Ver: 3.5 Installed: 3/18/2004
DAO Ver: 3.5 Installed: 3/18/2004
Detto IntelliMover
DivX Ver: 5.2.1
DivX Player Ver: 2.6
DX-Ball 1.09
ewido security suite
Flamethrower Pack 1.00a for Pocket Tanks Deluxe
Fx Audio Editor
Google Desktop Search Ver: -
Google Toolbar for Internet Explorer
Google Video Player
GUIDE PLUS+(tm) for Windows® System - ATI
HijackThis 1.99.1 Ver: 1.99.1
hp center
HP Instant Support
HP RecordNow Ver: 3.10 Installed: 11/6/2001
Inactive HP Printer Drivers (Remove only)
InterVideo WinDVD
iTunes Ver: 4.6.0.15 Installed: 6/25/2004
iTunes Ver: 4.6.0.15 Installed: 6/25/2004
J2SE Runtime Environment 5.0 Update 1 Ver: 1.5.0.10 Installed: 4/30/2005
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Kazaa Media Desktop 2.0.2
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 4.9.33 Ver: 4.9.33
LQfix 2.0
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
MarketBrowser
McAfee.com Agent
McAfee.com VirusScan Online
Microsoft Data Access Components KB870669
Microsoft Money 2002 Ver: 10.0.50 Installed: 11/6/2001
Microsoft Money 2002 System Pack Ver: 10.0.80 Installed: 11/6/2001
Microsoft Office Professional Edition 2003 Ver: 11.0.5614.0 Installed: 10/12/2004
Microsoft Works 6.0 Ver: 06.00.0000 Installed: 11/6/2001
Microsoft Works and Money 2002 Setup Launcher
mIRC
Morpheus Software
MovieEdit Task Ver: 1.3.0.19 Installed: 5/9/2005
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-US)
MP3 CD Converter 4.00
MP3 CD Maker
MP3 Surgeon 2004
MSN Gaming Zone
MSN Messenger 7.5 Ver: 7.5.0324.0 Installed: 5/9/2006
My Photo Center
nanoPEG-Editor 2.3 Hauppauge Edition Ver: 2.3.1
Net2Phone Ver: 10.0
Netscape (7.0)
Nuke Pack 1.00 for Pocket Tanks Deluxe
NVIDIA Windows 2000/XP Display Drivers
Online Manuals for WinTV (English)
Panda ActiveScan
PartyPoker Ver: 95 Installed: 06/08/2006
PC-Doctor for Windows
PhotoStitch Ver: 3.1.14 Installed: 5/9/2005
Pinnacle Hollywood FX 4.6
Pinnacle Systems USB Installation
Pocket Tanks 1.00b
Pocket Tanks Deluxe 1.00b
PS2
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
Quicken Financial Center
QuickTime
RAW Image Task 2.0 Ver: 2.0 Installed: 5/9/2005
Razer
RealArcade
RealPlayer
RemoteCapture Task 1.1 Ver: 1.1 Installed: 5/9/2005
RingMaster from Hewlett-Packard Desktops (remove only)
Roll
S3 Gamma
Samsung Music Studio
Scrabble (remove only)
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 6/18/2005
Security Update for Windows Media Player (KB911564) Installed: 2/17/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 5/31/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/16/2006
Security Update for Windows XP (KB883939) Ver: 1 Installed: 6/18/2005
Security Update for Windows XP (KB890046) Ver: 1 Installed: 6/18/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/12/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 6/18/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 6/18/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/12/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 6/18/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/12/2005
Security Update for Windows XP (KB899588) Ver: 1 Installed: 8/12/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/12/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB901190) Ver: 1 Installed: 2/17/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/14/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB903235) Ver: 1 Installed: 7/14/2005
Security Update for Windows XP (KB904706) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905915) Ver: 1 Installed: 12/15/2005
Security Update for Windows XP (KB908519) Ver: 1 Installed: 1/11/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/17/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 1/6/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/17/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/10/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 6/16/2006
Shockwave
Sonic Foundry Super Duper Music Looper XPress Ver: 1.0.69 Installed: 11/6/2001
Spy Sweeper
Spybot - Search & Destroy 1.4 Ver: 1.4
SpywareBlaster v3.4 Ver: 3.4.0
Starcraft
Studio 8 Ver: 8.9.0.0
Studio Content CD Ver: 1.00.000
Tcl 8.0.5 for Windows
Update for Windows XP (KB894391) Ver: 1 Installed: 8/12/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 8/12/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 6/30/2005
Update for Windows XP (KB900485) Ver: 2 Installed: 4/26/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 12/15/2005
USB
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WavePad Uninstall
WebFldrs XP Ver: 9.50.5318 Installed: 11/6/2001
Westwood Shared Internet Components
Winamp3 (remove only)
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/16/2005
Windows XP Hotfix - KB890923 Ver: 1 Installed: 4/16/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1 Installed: 4/16/2005
Windows XP Hotfix - KB893086 Ver: 1 Installed: 4/16/2005
Windows XP Service Pack 2 Ver: 20040803.231319
WinZip Ver: 8.1 (4331)
WinZip Self-Extractor
WordBiz version 1.8 Ver: 1.8
WordPerfect Office 2002 Try Before You Buy
WordPerfect Office 2002 Try Before You Buy Ver: 10 Installed: 11/6/2001
Works Suite OS Pack Ver: 1.0.0.0000 Installed: 11/6/2001
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Yahoo! Toolbar
Yahoo! Toolbar
YP-MT6
-
I can only make recommendations of what I would remove
These are optional:
AOL Toolbar 2.0
If you only need Limewire
You should remove
Kazaa Media Desktop 2.0.2 <-remove Altnets if prompted
And
Morpheus Software
You have the Google toolbar and Yahoo toolbar
If you don't need both remove
Yahoo! Toolbar
You should remove all old updates and versions of Java, we will get you updated once you are back up and running online
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Remove
LQfix 2.0 <--an fix from an earlier infection, not required anymore
Net2Phone>>Again, if you don't use it, remove it
Remove the following that were installed with AOL, not required
Viewpoint Manager (Remove Only)
Viewpoint Media Player
If SpySweeper is an old trial version, Uninstall it as having an outdated program really does no good
Reboot the computer after any or ALL of the above were removed
Let me know if you can get back online with either IE or Firefox
Supply a fresh hijackthis log
-
My internet works now. I tried removing Kazaa but it wouldnt let me.
Logfile of HijackThis v1.99.1
Scan saved at 5:11:10 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Razer\razertra.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:800
0;https=sas.r5.attbi.com:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/pt0_x.cab\")
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-
Please let me know everything that you uninstalled from add/remove programs
so I know what is leftovers
-
I uninstalled:
AOL Toolbar 2.0
Morpheus Software
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Net2Phone
LQfix 2.0
Viewpoint Manager (Remove Only)
Viewpoint Media Player
SpySweeper
-
I had to reinstall J2SE Runtime Environment 5.0 Update 1 to run Lime Wire
-
Very sorry for the delay
I had to reinstall J2SE Runtime Environment 5.0 Update 1 to run Lime Wire
I hope you meant J2SE Runtime Environment 5.0 Update 7
Can you post a fresh hijackthis log please, we'll clean some entries
-
Logfile of HijackThis v1.99.1
Scan saved at 4:16:24 AM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razertra.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Desktop\hijackthis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:800
0;https=sas.r5.attbi.com:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139798301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/pt0_x.cab\")
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-
Let's remove some entries with Hijackthis that appear to orphaned as well as run a tool to clean Kazaa
But first:
Download and save to your desktop WinSockXP fix
Don't run this tool, but it is handy in case you lose internet connection again
http://www.majorgeeks.com/download4372.html (http://\"http://www.majorgeeks.com/download4372.html\")
Download [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to your desktop. (rightclick on this link and choose save as, if using IE save target as)- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Download and save to your desktop kazaa.zip
Extract the contents of kazaa.zip to the BFU folder you made in the last step
So you now have C:\BFU\kazaa202.bfu
<Attachment removed>
Print the rest of these instructions or copy>paste to a text file and save too desktop
Close all browser windows, including this one
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ (http://\"http://srch-us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net (http://\"http://www.comcast.net\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us4.hpwis.com/ (http://\"http://us4.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to kazaa202.bfu in the C:\BFU folder
Right click kazaa202.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot the computer
I noticed you have an older version of SpywareBlaster installed
you should do the following
Open SpywareBlaster 3.4
Click on "Disable All Protection"
Access your add/remove programs and uninstall it
Now, *Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
Let me know how things are running afterwards
NOTE: If you do lose Internet connection after running the above fixes
Run Winsockxp fix you saved to desktop earlier
-
I didnt see how to
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish"
I just clicked extract after I made the new folder
The Kazaa thing didnt let me extract, just says cannot open file
I did everything else
-
Sorry about that,
I somehow managed to upload an empty zip file
Can you go back up to my last post and redownload kazaa202.zip
I tried uploading the file again, but everytime the zip file is empty (http://img189.exs.cx/img189/206/confused2hw.gif)(http://www.thehealthymom.com/wp-content/plugins/more-smilies/maidacollection/dunno.gif)
Let me try this, I've uploaded the file kazaa202.txt
[attachment=819:attachment]
Use Firefox and click on the attachment please
A new page will open with text in it
In the new page click on FILE>>SAVE PAGE AS
Save it too the BFU folder you made earlier
Navigate to the BFU folder>>Open it and right click on kazaa202.txt and RENAME it too kazaa202.bfu
Then follow the instructions I asked in my previous post to run Brute Force uninstaller
Close all browser windows before proceeding
Be sure to reboot the computer afterwards
Come back here and post one last hijackthis log please
Let me know how things are running