Command adware removal



jecard
2006-06-13, 19:41
Hi there,

Command adware has found its way onto my machine and I would like to remove
it.

When I try to remove it using the Control Panel 'Add/Remove Programs'
facility, I get directed to a website (hxxp//command.adservs.com/uninstall.php) for downloading an 'automated removal application'.

Having looked through a number of posts from others with Command on their
machines and read the advice given to them, this has not yet been suggested as a way of removing the problem program.

Please could anyone advise as to whether this would work or whether this in
itself will lead to more problems?

Many thanks,

J

tashi
2006-06-13, 20:21
Please follow the instructions in this sticky topic:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Copy paste the logs into this topic and a helper will take a look at the system as soon as available.

Cheers.

jecard
2006-06-14, 21:18
Thanks for the post.

Apologies but I have not yet been able to complete an online scan (as per instructions) as the pop-ups seem to take over and as yet connection has been lost and/or things seem to have frozen before completion of the scan. However, I will keep trying in case this is down to network issues rather than my machine.

For now, I have run HiJackThis and the log report is as follows, I didn't want you to think I'd abandoned the thread!

J


Logfile of HijackThis v1.99.1
Scan saved at 20:08:20, on 14/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\msngr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender26.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Spyware Tools\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\mfwsock.dll (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\en08l1du1.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\cputil.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\arlui.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Microsoft Control Panel - Unknown owner - C:\WINDOWS\system32\msngr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-06-17, 18:50
Having looked through a number of posts from others with Command on their
machines and read the advice given to them, this has not yet been suggested as a way of removing the problem program.

Please could anyone advise as to whether this would work or whether this in
itself will lead to more problems?

Don't use its uninstaller, it will remove legitimate run items.
Download and run Look2Me-Destroyer: http://www.atribune.org/content/view/28/
After the pc has been restarted
Post its log and a fresh hijackthis log

jecard
2006-06-18, 21:38
Thanks, HiJackThis log copied below & Look2Me log in attached zip file as it's quite long.

Kind regards,
J


Logfile of HijackThis v1.99.1
Scan saved at 18:49:54, on 18/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2FyYWg\command.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender26.exe
C:\WINDOWS\system32\lsyas.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Windows\wWinUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Spyware Tools\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [System Wizard] C:\WINDOWS\system32\\lsyas.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2FyYWg\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
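
Added example (not part of the original thread, and not output of any tool named in it): a small Python sketch that diffs two HijackThis logs so that autostart and service entries which appeared or vanished between scans stand out. The sample lines are excerpted from the 14/06 and 18/06 logs above; the function names and the three review hints in `triage` are illustrative assumptions, not HijackThis verdicts.

```python
import re
from collections import defaultdict

# Excerpts from the 14/06/2006 and 18/06/2006 logs posted in this thread.
OLD_LOG = r"""
Running processes:
C:\WINDOWS\system32\msngr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\ir60l5jm1.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Control Panel - Unknown owner - C:\WINDOWS\system32\msngr.exe
"""

NEW_LOG = r"""
Running processes:
C:\WINDOWS\U2FyYWg\command.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [System Wizard] C:\WINDOWS\system32\\lsyas.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2FyYWg\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# A HijackThis entry line is "<letter><number> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Process-list lines ("C:\...") do not match because the second character is ':'.
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return {section code: set of entry bodies} for one log."""
    sections = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1) + m.group(2)].add(m.group(3).strip())
    return sections


def section_key(code):
    """Sort O4 before O20 before O23 (numeric, not lexical)."""
    return (code[0], int(code[1:]))


def diff_logs(old_text, new_text):
    """Return (added, removed) lists of (code, body) between two scans."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added, removed = [], []
    for code in sorted(set(old) | set(new), key=section_key):
        added += [(code, body) for body in sorted(new[code] - old[code])]
        removed += [(code, body) for body in sorted(old[code] - new[code])]
    return added, removed


def triage(code, body):
    """Review hints only (assumptions for this example); a hit means 'look closer'."""
    hints = []
    if code == "O4" and "\\\\" in body:
        hints.append("autostart path contains a doubled backslash")
    if code == "O20":
        hints.append("Winlogon Notify DLL")
    if code == "O23" and "Unknown owner" in body:
        hints.append("service with unknown owner")
    return hints


def review_new_entries(old_text, new_text):
    """Entries present only in the newer scan, each with its review hints."""
    added, _ = diff_logs(old_text, new_text)
    return [(code, body, triage(code, body)) for code, body in added]


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for code, body, hints in review_new_entries(OLD_LOG, NEW_LOG):
        print(f"+ {code} - {body}\n    hints: {', '.join(hints) or 'none'}")
    for code, body in removed:
        print(f"- {code} - {body}")
```

An entry that disappears between scans, such as a Winlogon Notify DLL, is not proof of removal; the same component can return under a different file name, which is why a fresh log is compared after every step.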

LonnyRJones
2006-06-19, 02:05
Set Windows to show hidden files/folders and extensions.
For XP systems: open any folder, select the Tools menu and click Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.

Open a command prompt (Start > Run, type cmd, press Enter) and type
sc delete "cmdservice"
Press Enter, then type exit and press Enter to exit the command prompt.


1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://download.ewido.net/ewido-signatures-full-current.exe)
2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

jecard
2006-06-21, 11:16
Hi,

Following these instructions I downloaded & updated ewido (without the 'database not found' warning), downloaded & extracted BFU, and saved the alcanshorty.bfu file.

My first comment is that, after opening ewido to update it, it wanted to run in the background, which wasn't mentioned in the instructions.

I then restarted my computer in Safe Mode, opened ewido and clicked on scanner & 'Complete System Scan'. However, unlike the statement in the instructions, I was not prompted to clean the first infection and so could not select this along with the 'Perform action on all infections' option; instead the scan continued (for about 30/40 mins) before completing and returning a list of problem items.

Each item had a 'Recommended Action' against it (e.g. quarantine, remove, etc.) and I then had the option to apply all recommended actions. I did this, and watched as a few items were dealt with but then the program seemed to stall. I had a look at Task Manager, which suggested that ewido was not responding, but I left it running for the day while I went to work (so it had about 10 hours). When I returned, however, the machine was still hung with the section of the screen where the Task Manager had been still greyed (as in the screen had not updated after closing the TM).

As such, I just had to switch off the machine. When I restarted it, however (still in Safe Mode) and chose to log in as my user id rather than administrator (same access rights anyway) the black screen appeared with 'Safe Mode' in each corner and Windows info across the top, but none of the desktop icons, task bar, Start button, etc. appeared ! I was able to start programmes using Ctrl-Alt-Del to get at the task manager, but this is not ideal and rather worrying !!

I have also subsequently re-started it not in safe mode and the same thing happens, with only the wallpaper appearing, and also re-started it in safe mode and logged in as Administrator, which does continue as expected showing the desktop icons, task bar, etc.

Please please could you offer some explanation as to what may have happened, and how it can be corrected ?!!

J

:(

LonnyRJones
2006-06-21, 16:12
Sorry to hear of those problems, were you able to run bfu and alcanshorty ?
If not do that please

jecard
2006-06-22, 22:16
Funnily enough, no I'd not run that as I was too concerned by the desperate state my machine has been left in.

I have, however, now run BFU and the subsequent HJT log is copied below. I still cannot use my machine properly and am only online now (& able to run the above) by going through some very convoluted back routes, and would be very grateful if you could provide any reassurance as to whether this problem will correct itself in the course of these actions ?!!

For info, there seem to be problems with explorer, I get 'not responding, exit now?' messages pertaining to explorer and when the computer hangs, if I end the explorer process in Task Manager it seems to free up again. Please could you give me any suggestions as to what has happened?

Kind regards,
J



Logfile of HijackThis v1.99.1
Scan saved at 20:24:20, on 22/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\explorer.exe
C:\Spyware Tools\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {8D4EA6BD-B21C-44FC-888D-E0B6D501D433} - C:\Program Files\Windows Media Player\saheqace.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKLM\..\Run: [Network Card] C:\WINDOWS\system32\\ntsys.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\hr8u05l9e.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-06-23, 00:30
Start HijackThis and place a check next to these items, if there.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {8D4EA6BD-B21C-44FC-888D-E0B6D501D433} - C:\Program Files\Windows Media Player\saheqace.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Network Card] C:\WINDOWS\system32\\ntsys.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
====================================
Hit "Fix checked" and close HijackThis.

In the Windows Control Panel, Add/Remove Programs, uninstall
WebHancer
surfsidekick

Reboot the PC afterwards.

Run Look2Me-Destroyer again; after the PC has restarted its log should open. Post it.

jecard
2006-06-24, 01:53
Excellent !

I followed your instructions and my computer started up as normal with the desktop icons, task bar etc. all showing as one would expect, Thank You ! :)

Here is the resulting Look2Me Destroyer log:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 24/06/2006 00:44:04

C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045672.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045671.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045671.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045670.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045670.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045669.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045669.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045668.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045668.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045667.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045667.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045666.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045666.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045665.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045665.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045664.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045664.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045663.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045663.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045662.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045662.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045661.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045661.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045660.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045660.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045659.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045659.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045658.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045658.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045657.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045657.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045656.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045656.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045655.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045655.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045654.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045653.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045653.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045652.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045652.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045651.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045651.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045650.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045650.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045649.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045649.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045648.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045648.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045647.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0045647.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0046879.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0046879.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0046929.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0046929.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0047935.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0047935.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0047942.dll
C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP62\A0047942.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{47F77DC5-1221-4C1B-B43D-27CE96027926}"
HKCR\Clsid\{47F77DC5-1221-4C1B-B43D-27CE96027926}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A6905BFE-6E0C-4BA5-ACFB-2C4AB6601EC9}"
HKCR\Clsid\{A6905BFE-6E0C-4BA5-ACFB-2C4AB6601EC9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D461E35B-38E5-4BD8-A656-B17785A49C24}"
HKCR\Clsid\{D461E35B-38E5-4BD8-A656-B17785A49C24}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

LonnyRJones
2006-06-24, 02:02
Good.
I suggest you run BFU and alcanshorty.bfu again, no need for safe mode this time.

Post a hijackthis log afterwards

jecard
2006-06-24, 11:54
Cheers, I've run BFU again and here's the fresh hijackthis log.


Logfile of HijackThis v1.99.1
Scan saved at 10:50:57, on 24/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\?racle\w?wexec.exe
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Spyware Tools\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [Fzaeu] C:\Program Files\?racle\w?wexec.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-06-24, 12:23
Start HijackThis and place a check next to these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Fzaeu] C:\Program Files\?racle\w?wexec.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Manually delete the C:\Program Files\oracle folder

Let us know of any problems

jecard
2006-06-25, 18:58
Thanks, I've done that and my machine now seems to be running noticeably faster and without any problems, sincere thanks. :bigthumb:

A fresh hijackthis log is copied below, please could you let me know whether everything is in order and whether I should now be free from malware? If so I will update Windows to SP2.

Also, please could you let me know whether it would be ok to uninstall ewido now?

Many thanks again,
J



Logfile of HijackThis v1.99.1
Scan saved at 17:30:41, on 25/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Spyware Tools\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-06-26, 02:03
Your log looks fine

Why Uninstall Ewido ? it will continue to function after the trial

I see you have a firewall but don't seem to have an antivirus program, why is that?
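
The check made by eye across the last few posts (fix list, restart, fresh log) can be scripted. The following is an added example, not part of the original thread and not a HijackThis or Spybot tool: it parses HijackThis entry lines, confirms that every entry on the fix list is gone from the follow-up log, and flags two markers seen in this thread's logs. The function names and flag wording are assumptions; the sample lines are short excerpts of the logs posted above.

```python
import re

# HijackThis entry lines start with a section code (R0, R3, O4, O23, ...)
# followed by " - ". Header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# '?' is not a legal character in a Windows file name, so a '?' inside a
# drive path usually means the scanner could not render a character.
ODD_PATH_RE = re.compile(r'[A-Za-z]:\\[^"=]*\?')

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip()))
    return entries

def flags(code, body):
    """Return review notes for one entry (heuristics assumed for this example)."""
    notes = []
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        notes.append("registration points at a file that is not on disk")
    if ODD_PATH_RE.search(body):
        notes.append("path contains a character the scanner could not display")
    return notes

def review(before, fix_list, after):
    """Compare two scans and check the fix list against the later one."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        "removed": sorted(b - a),   # present before, gone now
        "added": sorted(a - b),     # new since the earlier scan
        "unfixed": sorted(f & a),   # asked to fix, still present
        "flagged": {e: flags(*e) for e in sorted(a) if flags(*e)},
    }

# Excerpt of the 24/06/2006 log from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Fzaeu] C:\Program Files\?racle\w?wexec.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

# Excerpt of the helper's fix list.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKCU\..\Run: [Fzaeu] C:\Program Files\?racle\w?wexec.exe
"""

# Excerpt of the 25/06/2006 follow-up log.
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

if __name__ == "__main__":
    result = review(BEFORE, FIX_LIST, AFTER)
    for key in ("removed", "added", "unfixed"):
        print(key)
        for code, body in result[key]:
            print("   %s - %s" % (code, body))
    for (code, body), notes in result["flagged"].items():
        print("flagged: %s - %s (%s)" % (code, body, "; ".join(notes)))
```

An empty "unfixed" list corresponds to the helper's "Your log looks fine"; anything under "added" would be worth a question before closing a thread.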

jecard
2006-06-26, 18:50
"Why Uninstall Ewido ?"

I guess I thought it didn't get on with my machine as I had some problems with using it, however thinking about this I guess you will tell me it was the malware not ewido causing the problems ! I think I just might be unsure what to do if I were to run it again sometime and have the same problem occur, except post another log to this unbelievably helpful and effective site.


"I see you have a firewall but don't seem to have an antivirus program, why is that?"

You are right, there was a Norton icon on my desktop which I falsely believed was working but on inspecting it during this process that is not the case. Having read some of the stickies on this site re prevention, I have now downloaded and installed AVG.


Regarding the SP2 update, I followed the link given in the sticky (http://www.microsoft.com/windowsxp/sp2/default.mspx) which stated that to use the page you must be running Internet Explorer 5 or later. I currently use Mozilla Firefox (recently updated to the latest version), is there a similar patch update for Firefox, or would I be better to get SP2 and start using IE ?

Many thanks once again.

Kind regards,
J

LonnyRJones
2006-06-27, 02:25
Are there any problems running scans with ewido now ?

Internet Explorer is part of the operating system, it should be kept up to date even if you use an alternative browser.

Since you're using AVG now, if Norton is mentioned in Add/Remove Programs, uninstall it.

I'd love to see a log after all the updates

jecard
2006-06-28, 08:36
Hi there,

As requested, here's an HJT log after the SP2 update.

I have also tried running ewido and this time it ran with problems so it can stay!

There is however, a 'Command' listing in the Add/Remove Programs list, is this something I need to deal with ?

Kind regards,

J




Logfile of HijackThis v1.99.1
Scan saved at 07:27:37, on 28/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Spyware Tools\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Spyware Tools\sunserver.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151431561342
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Spyware Tools\Copy of ewido anti-spyware 4.0\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-06-28, 08:41
Does a check for problems with SpyBot show command service?
If so try fixing it, let me know if it's there on the second scan

The mention of command (service) in Add/Remove Programs is nothing to be overly worried about, but we can address it.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Fantastic

LonnyRJones
2006-07-05, 03:03
jecard wrote

My thread now seems to have been archived but just wanted to send a final message to reply to LonnyRJones's last post and say that yes, SpyBot did show command service but managed to fix it fine, and express SINCERE THANKS for the help you've given !

Absolutely sterling job, you guys rock.

J



Great

I'm glad we could help
Since the problems are solved I'm going to close the topic now, this keeps others with similar problems from posting their logs/questions here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).