Cyberanswers is now on youtube

Register a free account
ne nw
Crawlability Inc. Files for SEO Technology Patent
se sw

Go Back   Forum Index > Internet > Spyware / Virus Removal
Reload this Page friend has major spyware. help pleaseee
The Software Store
Register Members List Social Groups Calendar Search Today's Posts Mark Forums Read FAQ

Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

Reply
 
Thread Tools Display Modes
  #1  
Old 02-14-2005, 08:53 PM
savedtheday89 savedtheday89 is offline
Member
  
Join Date: Oct 2004
Posts: 39
Send a message via AIM to savedtheday89 Send a message via MSN to savedtheday89
Here's the HJT log... help pleaseeeeee!!
Logfile of HijackThis v1.98.2
Scan saved at 8:52:01 PM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\system32\usmbxt.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Bpt\bpt.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\PROGRA~1\COMMON~1\AOL\110442~1\EE\AOLHOS~1.EX E
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\ds***ec.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AOLCLIENT.EXE
C:\Program Files\Windows FormatAd\WinFormKeep.exe
C:\program files\zango\zango.exe
C:\PROGRA~1\COMMON~1\AOL\110442~1\EE\AOLServiceHos t.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
C:\Program Files\WeatherCast\Weather.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dskp1hfm.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O2 - BHO: SDWin32 Class - {C8616A24-5807-4010-95BC-ABE357FA955E} - C:\WINDOWS\system32\fozpn.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: ** Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\**ToolBar\**ToolBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdtl.exe
O4 - HKLM\..\Run: [fozpnc] C:\WINDOWS\system32\fozpnc.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [bcxdyorqqanj] C:\WINDOWS\system32\usmbxt.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104426038\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [nqjkzqb] C:\WINDOWS\nqjkzqb.exe
O4 - HKLM\..\Run: [3Fng36R] ds***ec.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL 9.0 Optimized] AOLCLIENT.EXE
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [Io4mRWd5W] dskp1hfm.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [AOL 9.0 Optimized] AOLCLIENT.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {00000000-DCCD-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Chris\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ClientInstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
__________________
--Kelly
Reply With Quote
Sponsored Links

  #2  
Old 02-14-2005, 09:04 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
Send a message via MSN to Mobo
First well have you rescan once again, insert a check next to each of the following then close all other open windows and click "fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll

O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll (file missing)

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll

O2 - BHO: SDWin32 Class - {C8616A24-5807-4010-95BC-ABE357FA955E} - C:\WINDOWS\system32\fozpn.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O3 - Toolbar: ** Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\**ToolBar\**ToolBar.dll

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdtl.exe

O4 - HKLM\..\Run: [fozpnc] C:\WINDOWS\system32\fozpnc.exe

O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe

O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [bcxdyorqqanj] C:\WINDOWS\system32\usmbxt.exe

O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe

O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"

O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"

O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [nqjkzqb] C:\WINDOWS\nqjkzqb.exe

O4 - HKLM\..\Run: [3Fng36R] ds***ec.exe

O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe

O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe

O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q

O4 - HKCU\..\Run: [Io4mRWd5W] dskp1hfm.exe

O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe

O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

- DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Chris\Local Settings\Temp\EI40_\msxml4.cab

O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ClientInstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]



Then reboot into safe mode: [Only Registered and Activated Users Can See Links. Click Here To Register...]

set the system to show hidden files and folders [Only Registered and Activated Users Can See Links. Click Here To Register...]


Then search for and delete:
C:\Program Files\AceGain

C:\Program Files\Internet Optimizer


C:\Program Files\WildTangent

C:\WINDOWS\system32\winupdtl.exe

C:\WINDOWS\system32\fozpnc.exe

C:\WINDOWS\mmups.exe

C:\Program Files\SurfSideKick 2

C:\WINDOWS\system32\usmbxt.exe

C:\WINDOWS\conscorr.exe

C:\WINDOWS\wupdt.exe

C:\PROGRA~1\VBouncer

C:\Program Files\WhenUSearch

C:\Program Files\AutoUpdate

C:\PROGRA~1\Save

C:\Program Files\Bpt

C:\Program Files\Common Files\Java

C:\Program Files\ANI

C:\Program Files\BullsEye Network

C:\WINDOWS\nqjkzqb.exe

C:\Program Files\Windows FormatAd

c:\program files\zango

C:\Program Files\WeatherCast

C:\Program Files\SurfSideKick 2

C:\PROGRA~1\COMMON~1\tsa

C:\Program Files\Valve


__________________________________________________ ______
Get The latest version of Adaware
You can download the free version here:
[Only Registered and Activated Users Can See Links. Click Here To Register...]

or here (alternate download location)
[Only Registered and Activated Users Can See Links. Click Here To Register...]

You need to be logged on as Adminstrator through the installation.
For ease in installation and operation, view the tutorial here [Only Registered and Activated Users Can See Links. Click Here To Register...]

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press * connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.
________________________

Then get the latest version of hijack here [Only Registered and Activated Users Can See Links. Click Here To Register...]
and post a fresh log
__________________
[Only Registered and Activated Users Can See Links. Click Here To Register...] [Only Registered and Activated Users Can See Links. Click Here To Register...]

Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Friend ----> Deleted Local Files Raistlfiren The coffee shop 5 10-06-2004 12:21 AM


All times are GMT -5. The time now is 03:49 AM.

Contact Us - CyberAnswers - Archive - Privacy Statement - Top

234x60
Bulletin Board Custom Version by Mobo
Copyright © 2004-2007 Cyberanswers.org All rights reserved