Topic: Need some help...

Offline Dylan

Need some help...
« on: December 23, 2006, 09:43:40 AM »
Computer is going really slow.  Explorer randomly exits out when used.  Here's the HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 9:44:46 AM, on 12/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINNT\system32\dplaysvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [winlogon] C:\WINNT\nvchost.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr
O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - AppInit_DLLs:  
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
« Last Edit: December 23, 2006, 09:45:59 AM by Dylan »

Offline guestolo

« Reply #1 on: December 23, 2006, 11:51:41 AM »
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy>>paste the whole contents back here

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Dylan

« Reply #2 on: December 23, 2006, 12:53:39 PM »
Here it is.


545 Studios Skinstaller (remove only)
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6.0
AIM+ (remove only)
AOL Instant Messenger
Apple Software Update
ArcSoft Software Suite
Axis & Allies Iron Blitz
BearShare
BrainWave Generator
CCleaner (remove only)
CleanUp!
Efficient Networks SpeedStream DSL
ewido security suite
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
GST 1.36.0.2
HijackThis 1.99.1
iCam320
Intel® PRO Network Connections Drivers
Internet Explorer Q903235
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 8
LimeWire 4.12.6
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft VGX Q833989
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
MSN Gaming Zone
MSN Messenger 6.2
Personal Training Workstation 6.0
Presto! Mr. Photo
Presto! VideoWorks
QuickTime
RealArcade
Security Update for Windows 2000 (KB904706)
Skype 1.4
Spybot - Search & Destroy 1.3
Tango Manager
The Sims Deluxe Edition
Ulead Photo Explorer 6.0
Uninstall JL2005A Toy Camera
Update Rollup 1 for Windows 2000 SP4
Viewpoint Media Player
WebCamPlanet 5.00
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB887797
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB904368
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix (Pre-SP4) [See Q327269 for more information]
Windows 2000 Hotfix (SP5) Q818043
Windows 2000 Service Pack 4
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
YahooPoolAimer

Offline guestolo

« Reply #3 on: December 23, 2006, 01:14:40 PM »
Thanks for posting the uninstall list
NOTE: you were here posting a log from this computer back in September; you didn't follow up with the instructions I posted
How come?
We'll deal with some entries from the uninstall list in a bit

But first, can you do the following please
Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll

O2 - BHO: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll
O4 - HKLM\..\Run: [winlogon] C:\WINNT\nvchost.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr
O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe
O20 - AppInit_DLLs:


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows
IF you still have Combofix saved to desktop
Delete it, it will be outdated
Also delete the following folder if found
C:\sUBs <-folder
and this file
C:\combofix.txt <-file

Re-download this file - Combofix.exe - and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the log please
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix also post a fresh hijackthis log
« Last Edit: December 23, 2006, 01:19:58 PM by guestolo »

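The entries guestolo picks out above share a few visible tells: a '?' or lookalike letter in a path, a Run value named after a Windows component that points outside system32, programs autostarting from the user profile, hooks whose file is gone, and an AppInit_DLLs line that displays blank. The following is an added example, not code from the thread, from HijackThis or from any tool it mentions, that runs those checks over constructed HJT lines modelled on the ones posted; the lookalike-character rule and the unnamed-hook correlation are heuristics.

```python
"""Triage HijackThis (HJT) log lines for the indicators this thread turns on.

Added example, not code from the thread, from HijackThis or from any tool it
mentions. SAMPLE_LOG below is constructed from the entries posted above.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# HJT prints a character it cannot render in the active code page as '?'.
# '?' is illegal in a Windows file name, so a '?' inside a logged path means
# the real name holds a non-ANSI lookalike character (the thread's
# "a?sembly\r?ndll32.exe"; AVG later showed the Cyrillic letter in "ѕpool32.exe").
_SUSPECT_CHARS = re.compile(r"[?\u0080-\uffff]")

# Run-value names copied from core Windows components. A Run entry with such a
# name whose target is outside system32 is a masquerade
# (the thread's "[winlogon] C:\WINNT\nvchost.exe").
_SYSTEM_NAMES = {"winlogon", "svchost", "lsass", "csrss", "services", "smss"}

# Programs that legitimately live directly in the Windows directory.
_WINDIR_OK = {"explorer.exe", "notepad.exe", "regedit.exe"}

_O4 = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] "?(?P<path>[^"]+?\.exe)"?', re.I)
_HOOK = re.compile(r"^(?P<kind>R3|O2) - [^:]+: (?P<name>.+?) - \{(?P<clsid>[0-9A-F-]{36})\} - (?P<path>.+)$", re.I)


def path_findings(path: str) -> List[str]:
    """Checks that depend only on where a program lives and how its name is spelled."""
    found = []
    low = path.lower()
    if _SUSPECT_CHARS.search(path):
        found.append("non-displayable or lookalike character in path")
    if "documents and settings" in low or "docume~1" in low:
        found.append("autostart from the user profile")
    # An executable sitting directly in the Windows directory, not a subfolder.
    m = re.match(r"^c:\\win(?:nt|dows)\\([^\\]+\.exe)$", low)
    if m and m.group(1) not in _WINDIR_OK:
        found.append("unknown executable in the Windows root")
    return found


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, findings) for every HJT line that trips at least one check."""
    by_line: Dict[str, List[str]] = {}
    hook_kinds: Dict[str, Set[str]] = defaultdict(set)   # CLSID -> {"R3", "O2"}
    hook_lines: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.rstrip()
        found: List[str] = []
        m4, mh = _O4.match(line), _HOOK.match(line)
        if raw.startswith("O20 - AppInit_DLLs:"):
            value = raw.split(":", 1)[1].strip()
            # HJT omits this line when the value is empty, so one that displays
            # blank normally holds characters HJT could not render.
            found += ["AppInit_DLLs set but displays blank"] if not value else path_findings(value)
        elif m4:
            name, path = m4.group("name"), m4.group("path")
            found += path_findings(path)
            if name.lower() in _SYSTEM_NAMES and "\\system32\\" not in path.lower():
                found.append(f"value name '{name}' mimics a system component")
        elif mh:
            kind, path = mh.group("kind").upper(), mh.group("path").strip()
            if path.lower() == "(no file)":
                found.append(f"orphaned {kind} entry, file already gone")
            else:
                found += path_findings(path)
                if mh.group("name").strip().lower() == "(no name)":
                    clsid = mh.group("clsid").upper()
                    hook_kinds[clsid].add(kind)
                    hook_lines[clsid].append(line)
        if found:
            by_line[line] = found
    # Heuristic: one unnamed DLL registered as both a URLSearchHook (R3) and a
    # BHO (O2) is how the thread's vszevnp.dll shows up; toolbars that do the
    # same normally carry a vendor name.
    for clsid, kinds in hook_kinds.items():
        if kinds >= {"R3", "O2"}:
            for line in hook_lines[clsid]:
                by_line.setdefault(line, []).append("unnamed DLL registered as both URLSearchHook and BHO")
    return list(by_line.items())


# Constructed sample modelled on the entries posted in this thread; the 'ѕ' in
# the last O4 line is the Cyrillic letter AVG reported in ѕpool32.exe.
SAMPLE_LOG = "\n".join([
    r"R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [winlogon] C:\WINNT\nvchost.exe",
    r'O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr',
    r"O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe",
    r"O4 - HKCU\..\Run: [Bykfst] C:\Documents and Settings\Administrator\My Documents\WnSxS\ѕpool32.exe",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    "O20 - AppInit_DLLs:  ",
])

if __name__ == "__main__":
    for line, found in triage(SAMPLE_LOG):
        print(line)
        for f in found:
            print("   ->", f)
```

The benign QuickTime and Acrobat lines pass untouched, which is the point: the checks single out the same entries the helper asked to fix without flagging the vendor software around them.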


Offline Dylan

« Reply #4 on: December 24, 2006, 01:25:50 AM »
Sorry about the old post, this computer wouldn't start up for a couple months so I forgot about it. Here's the ComboFix log.

Administrator - Sun 12/24/2006  1:22:07.76    Service Pack 4
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\WINNT\system32\ping.dll

 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINNT\RACLE~1
C:\QooBox\Purity\WINNT\YMANTE~1
C:\QooBox\Purity\WINNT\çSKS~1
C:\QooBox\Purity\WINNT\SSTEM3~1
C:\QooBox\Purity\WINNT\SSTEM~1
C:\QooBox\Purity\WINNT\SCURIT~1
C:\QooBox\Purity\WINNT\APPATC~1
C:\QooBox\Purity\WINNT\PPATCH~1
C:\QooBox\Purity\WINNT\àPPATC~1
C:\QooBox\Purity\WINNT\system32\SMANTE~1
C:\QooBox\Purity\WINNT\system32\SMBOLS~1
C:\QooBox\Purity\Program Files\RACLE~1
C:\QooBox\Purity\Program Files\RACLE~2
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\Program Files\ECURIT~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\SSEMBL~1
C:\QooBox\Purity\Program Files\PPPATC~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1
C:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1\r?ndll32.exe
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\YSTEM3~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1\svchost.exe
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\?pool32.exe

 
(((((((((((((((((((((((((((((((   Files Created from 2006-11-24 to 2006-12-24  ))))))))))))))))))))))))))))))))))
 
 
2006-12-23   21:00   <DIR>   d--------   C:\Program Files\3DGroove
2006-12-22   01:06   <DIR>   d--------   C:\Bwgen
2006-12-22   01:02   <DIR>   d--------   C:\bwg
2006-12-22   01:01   152,064   --a------   C:\WINNT\nvchost.exe
2006-12-21   20:37   <DIR>   d--------   C:\Program Files\Apple Software Update
2006-12-19   19:43   <DIR>   d--------   C:\Program Files\WinBudget
2006-12-16   08:45   69   --a-s----   C:\WINNT\test.bat
2006-12-16   08:44   179,160   --a------   C:\42295124.exe
2006-12-15   15:51   <DIR>   d--------   C:\Downloads
2006-12-12   18:44   <DIR>   d--------   C:\Program Files\BearShare Applications
2006-12-12   18:44   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BearShare
2006-12-11   23:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\acccore
2006-12-11   23:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-11   23:55   <DIR>   d--------   C:\Program Files\Viewpoint
2006-12-11   23:55   <DIR>   d--------   C:\Program Files\Common Files\Nullsoft
2006-12-11   23:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-11   23:54   <DIR>   d--------   C:\Program Files\AIM6
2006-12-11   23:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\AOL Downloads


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp /HIDEBL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Promon.exe"="Promon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"winlogon"="C:\\WINNT\\nvchost.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@="C:\\PROGRA~1\\COMMON~1\\ASEMBL~1\\RNDLL3~1.EXE"
"Bykfst"="C:\\Documents and Settings\\Administrator\\My Documents\\W?nSxS\\?pool32.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061224-011513-765
O4 - HKLM\..\Run: [winlogon] C:\WINNT\nvchost.exe
backup-20061224-011513-545
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
backup-20061224-011513-940
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr
backup-20061224-011513-754
O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe
backup-20061224-011513-344
O2 - BHO: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll
 
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job

Completion time: Sun 2006-12-24  1:23:16.73
C:\ComboFix.txt ... 06-12-24 01:23

Offline guestolo

« Reply #5 on: December 24, 2006, 02:10:48 AM »
Still some cleaning to do
Can you do the following

Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy ALL the text between the two lines of = signs below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard:
=============================================================
files to delete:
C:\WINNT\nvchost.exe
C:\42295124.exe

Folders to delete:
C:\Program Files\Save

Registry keys to delete:
HKEY_USERS\.default\software\microsoft\windows\currentversion\run

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | winlogon

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Back in Windows

Access your add/remove programs
Remove the following older updates of Java
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 8


Also, Remove Viewpoint Media Player

Finally, remove the following 2 tools, they are outdated
We will update them in a bit
ewido security suite
and
Spybot - Search & Destroy 1.3


Reboot the computer after the above is uninstalled

Back in Windows, you can delete these folders if found
C:\Program Files\Viewpoint <-folder
C:\Program Files\ewido <-folder

Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all downloads are successful; they will have a green check next to them if they are. If any are not successful,
search for updates again and try to re-download them until successful
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer

Back in Windows
Download>>Install AVG Anti-Spyware 7.5 from Ewido networks
  • Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")

Select the "Scanner" tab
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that  Automatically generate report after every scan is selected
  • Click back to the "Scan" tab and then click on Complete System Scan.
  • Let this scan complete, let it run uninterrupted
  • AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
  • An AVG icon will be placed in your system tray next to your clock; can you right-click on it and uncheck

"Resident Shield" , "Automatic updates" and "Start with Windows"
Reboot the computer

Come back here and post the following
1. Post a fresh hijackthis log
2. Post the report from AVG-Antispyware
3. Post the log from Avenger, found here>>C:\Avenger.txt



Offline Dylan

« Reply #6 on: December 27, 2006, 11:40:33 AM »
Here's the logs you asked for.

Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 11:33:16 AM, on 12/27/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   3:50:12 PM 12/24/2006

 + Scan result:   



C:\HJT\backups\backup-20061224-011513-344.dll -> Adware.PurityScan : Ignored.
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\ѕpool32.exe -> Adware.PurityScan : Ignored.
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1\rÏ…ndll32.exe -> Adware.PurityScan : Ignored.
C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Ignored.
C:\Program Files\Microsoft Games\Age of Empires II\patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\WINNT\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1\svchost.exe -> Downloader.PurityScan.cz : Cleaned with backup (quarantined).
C:\Program Files\LimeWire\root\magnet10\BrainWave Generator 3.1.9 Crack.zip/BrainWave Generator 3.1.9 Crack.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\My Downloads\Guitar Speed Trainer.zip/patch.exe -> Trojan.Delf.li : Cleaned with backup (quarantined).
C:\WINNT\system32\wnsapisv.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gcvbwlem

*******************

Script file located at: \??\C:\qlkqtoym.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINNT\nvchost.exe deleted successfully.
File C:\42295124.exe deleted successfully.


Folder C:\Program Files\Save not found!
Deletion of folder C:\Program Files\Save failed!

Could not process line:
C:\Program Files\Save
Status: 0xc0000034

Registry key HKEY_USERS\.default\software\microsoft\windows\currentversion\run deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|winlogon deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Offline guestolo

Need some help...
« Reply #7 on: December 27, 2006, 12:07:27 PM »
Ewido Avg-Antispyware ignored this object
C:\Downloads\RollerCoasterTycoon2-dm[1].exe <-this file
If you don't need it, I would go and manually delete it

Don't worry about any other items that were ignored, they're in a safe place for now

Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Come back here and post a fresh hijackthis log
Let me know how things are running please

Could you also navigate to these 2 folders
C:\Bwgen
C:\bwg
Are there any files inside them?
Anything you recognize?

Also, I don't see any AntiVirus software or Firewall on your computer
Do you have your own to install, or do you need a free solution?
Let me know please. It's not safe being online without proper protection software
« Last Edit: December 27, 2006, 12:22:22 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Dylan

Need some help...
« Reply #8 on: December 30, 2006, 04:55:26 PM »
I recognize the folders in the bwg and Bwgen folders.  No, I don't have AntiVirus software or a firewall.

Here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 4:54:23 PM, on 12/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Offline guestolo

Need some help...
« Reply #9 on: December 30, 2006, 10:42:59 PM »
Your log looks good, but you MUST do the following
Go to the following link
CLICK HERE

Take a look at the software Firewalls that are there, get yourself a free version of any of the ones posted
ONLY use one
At the moment I'm using Comodo's, a very good firewall, I recommend it
If you are low on resources, go for the free version of OutPost
After your firewall is installed
Go back to that same link and get yourself a free AntiVirus software
Again, ONLY use one, ensure it is updated and run a full system scan

Reboot the computer after the AV scan is completed, come back here, post one last hijackthis log and let me know how things are running please
« Last Edit: December 30, 2006, 10:44:51 PM by guestolo »

Offline Dylan

Need some help...
« Reply #10 on: January 01, 2007, 12:57:08 AM »
It won't even let me download anything cause my system has such low memory.  How can I get it to have more memory? By deleting programs and such?  I need to clean this computer of all programs that aren't needed to run the computer.  Is there a simple way to do that?

By the way, I'm not good at picking out these Firewalls and AV tools, so can you please suggest some?

Offline guestolo

Need some help...
« Reply #11 on: January 01, 2007, 06:09:55 PM »
What are your system specs?
Can you right click on MyComputer icon, left click Properties

Under the General tab it should give you info
Post it please

 
How much space do you have left on your hard disk?
If you double click on MyComputer and right click Local Disk C>>Select properties
It should give you info

Offline Dylan

Need some help...
« Reply #12 on: January 03, 2007, 10:38:31 PM »
System:

Microsoft Windows 2000
5.00.2195
Service Pack 4

Registered to:
user

Computer
x86 Family 6 Model 8 Stepping 6
AT/AT Compatible
129,456 KB RAM

Capacity 9.3 GB
Used 7.26 GB
Free 2.04 GB

Offline guestolo

Need some help...
« Reply #13 on: January 06, 2007, 01:44:33 PM »
The computer could use more Ram
It's cheap, you should look into it

We can clear some entries from add/remove programs
to make some room on this computer
A firewall is more important than some other installed programs

Take a look at these entries in your add/remove program
Which do you NOT need installed?
545 Studios Skinstaller (remove only)
ArcSoft Software Suite
Axis & Allies Iron Blitz
BearShare
BrainWave Generator
CCleaner (remove only)
CleanUp!
<-although legit program, you may want to decide on either CCleaner or CleanUp!, to help make some room
GST 1.36.0.2 <-I'm not sure what this is related to, do you?
LimeWire 4.12.6
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
MSN Gaming Zone
Personal Training Workstation 6.0
Presto! Mr. Photo
Presto! VideoWorks
QuickTime
RealArcade
Skype 1.4
Tango Manager
The Sims Deluxe Edition
Ulead Photo Explorer 6.0
Uninstall JL2005A Toy Camera
WebCamPlanet 5.00
YahooPoolAimer

Carefully look over that list above, what do you need installed?
Everything is legit, but we're just trying to make room
+You have both Limewire and Bearshare installed
The free version of Bearshare also came bundled with spyware, if you don't need it, uninstall it
additionally, when I see filesharing programs installed
This would mean you also have downloaded music files, etc...
Can you back them up to another computer or CD and clear them from the disk to make room?

Let's assume that AVG-Antispyware has done its job
You can uninstall it from Add-Remove programs also
Reboot the computer
Then delete this folder
C:\Program Files\Grisoft

Hold onto Ad-Aware and Spybot

Can you open Ad-Aware please>>Click on DETAILS under Initialization Status
Let me know ad-aware reference no. and Internal build please

Also, get that Firewall on your system if you can
I suggest you may want to try Outpost free firewall
Low on resources
Take a look here
http://www.agnitum.com/products/outpostfree/download.php

When you have the above done, can you post a new hijackthis log please
« Last Edit: January 06, 2007, 02:35:02 PM by guestolo »

Offline Dylan

Need some help...
« Reply #14 on: January 09, 2007, 12:03:28 AM »
Logfile of HijackThis v1.99.1
Scan saved at 12:01:53 AM, on 1/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\msiexec.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://monkeyroyale.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download2.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download2.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
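
As an added illustration, not code from this thread, from HijackThis or from any of the tools mentioned, here is the check guestolo is doing by eye in Reply #7 (entries marked "(no file)" that HijackThis can safely fix) and again when reading the log above (the HKCU Start Page that now points at monkeyroyale.com instead of yahoo.com). It is a small Python parser for HJT entry lines that lists orphaned entries and diffs two logs so a changed R0/R1 value or a new O4/O9/O23 entry stands out. The two log excerpts are constructed from lines that appear in this thread and are not complete logs.

```python
import re

# Constructed excerpts in HijackThis v1.99.1 format. They mirror lines that
# appear in this thread (the "(no file)" entries guestolo asked to be fixed
# and the later log's changed Start Page) but are not complete logs.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://monkeyroyale.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
"""

# An HJT entry line: a section tag (R0..R3, O1..O23), " - ", then the body.
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# HJT prints these when the file an entry points at no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return (section, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Identity used to pair an entry across two logs.

    R0/R1 lines are keyed on the registry value name only (the URL is the
    value), so a changed Start Page reports as a change, not remove + add.
    Every other entry is keyed on its full body.
    """
    if section in ("R0", "R1") and " = " in body:
        return section + " " + body.split(" = ", 1)[0]
    return section + " " + body


def entry_value(section, body):
    """The part of an entry that may change while its key stays the same."""
    if section in ("R0", "R1") and " = " in body:
        return body.split(" = ", 1)[1]
    return body


def find_orphans(entries):
    """Entries pointing at a file that is gone: leftovers HJT can fix safely."""
    return [f"{s} - {b}" for s, b in entries
            if any(mark in b for mark in ORPHAN_MARKERS)]


def diff_logs(old_text, new_text):
    """Compare two logs; returns added/removed entries and changed R0/R1 values."""
    old = {entry_key(s, b): (s, b) for s, b in parse_hjt(old_text)}
    new = {entry_key(s, b): (s, b) for s, b in parse_hjt(new_text)}
    added = [f"{s} - {b}" for k, (s, b) in new.items() if k not in old]
    removed = [f"{s} - {b}" for k, (s, b) in old.items() if k not in new]
    changed = [(k, entry_value(*old[k]), entry_value(*new[k]))
               for k in old if k in new
               and entry_value(*old[k]) != entry_value(*new[k])]
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    print("Orphaned entries in the earlier log (safe to tick and Fix Checked):")
    for line in find_orphans(parse_hjt(LOG_BEFORE)):
        print("  ", line)
    report = diff_logs(LOG_BEFORE, LOG_AFTER)
    for key, old_v, new_v in report["changed"]:
        print(f"CHANGED {key}: {old_v} -> {new_v}")
    for line in report["added"]:
        print("ADDED  ", line)
    for line in report["removed"]:
        print("REMOVED", line)
```

Run against two saved logs in place of the excerpts, the "changed" list is where a hijacked Start Page shows up, and the "added" list is what to read first after a clean-up: a new O4 Run entry or O23 service that nobody installed deserves a closer look, while orphaned "(no file)" entries are just the registry pointing at something that has already been removed.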

Offline guestolo

Need some help...
« Reply #15 on: January 09, 2007, 01:32:45 AM »
Looks like you got Outpost installed
Good work

I suggest that you still do the following
HOLD onto Spybot and Ad-Aware<<You didn't tell me ref. no and Internal build, is Ad-Aware SE Personal right up to date?

Use Spybot and Ad-Aware as anti-spyware scanners

NEXT: Go ahead and UNinstall AVG-ANTISPYWARE from Add/remove programs

Reboot the computer

Back in Windows
Use either CCleaner or CleanUp!, whichever you decided to keep and clear temp files, cookies, etc...

AVG-Antispyware is not the same as an Anti-Virus
Now that you have uninstalled AVG-Antispyware
Go to this link and install Avira's AntiVir software
http://www.free-av.com/
I once had trouble with the FTP mirrors, just use one of the normal download mirrors
Such as FileHippo, here is the link
http://www.filehippo.com/download_antivir/
Download latest version on the right hand side

After you have it installed, ensure it is updated, run a Full system scan
When it's done reboot the computer

This would be a really good time to run the Disk Defragment tool on your computer
When it's done, reboot one last time

Come back here and post One last hijackthis log and let me know how things are running
« Last Edit: January 09, 2007, 01:58:58 AM by guestolo »

Offline Dylan

Need some help...
« Reply #16 on: January 09, 2007, 03:33:27 PM »
OK, I'll get to that stuff, but I was having trouble with something. When I try to visit the page www.monkeyroyale.com it won't let me view it.  Says page cannot be displayed.  It works for everyone else so I don't know if it's my ISP or what, it does this on both of the computers I have.  Most of the pages say in the task bar or whatever it is at the bottom of the explorer.. "Done, but with errors on the page." Or something similar.
« Last Edit: January 09, 2007, 03:37:11 PM by Dylan »

Offline guestolo

Need some help...
« Reply #17 on: January 09, 2007, 03:37:13 PM »
Do my previous steps first, including running CCleaner or Cleanup!
Then post back please
