Command Service maybe other problems



PeterRose
2006-07-09, 18:04
Hi, I used Spybot Search and Destroy and when searched all problems were fixed, however I keep getting Google search browsers popping up and other browsers. I just downloaded HijackThis and here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:47:22 AM, on 7/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\xload.exe
C:\dfndrd_5.exe
C:\WINDOWS\SYSC00.exe
C:\Program Files\Common Files\{04DD6B1B-02EE-1033-0512-000005040001}\Update.exe
D:\Program Files\cursor\CursorXP.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\sys0881619739.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\good medicine\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Peter\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys0319739816] C:\WINDOWS\sys0319739816.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\cursor\CursorXP.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/dfa1jbH2v5Ws_oFbpF3l.chm::/on-line.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57CF841-1E79-4A87-B88C-C694A4294233}: NameServer = 24.153.23.66,24.153.22.195
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: fast.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\lv4809hue.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\lvju0919e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

PeterRose
2006-07-09, 18:17
When I used spybot search and destroy it was in safe mode. As well I tried to use the panda software scan but I kept getting an error msg when I tried to click on the my computer icon.

PeterRose
2006-07-11, 02:43
I ran McAfee a couple of times and it deleted and cleaned a number of problems including some trojan files. However, after repeated scans there are still files that always come up and are supposed to be deleted. They are adware look2 something. Here is my new HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 8:43:00 PM, on 7/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\dfndrd_5.exe
C:\WINDOWS\SYSC00.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\{04DD6B1B-02EE-1033-0512-000005040001}\Update.exe
D:\Program Files\cursor\CursorXP.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Winamp\winamp.exe
D:\Program Files\Lucid\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Peter\LOCALS~1\Temp\msn.exe
C:\Program Files\good medicine\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uoguelph.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Peter\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [sys0881619739] C:\WINDOWS\sys0881619739.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\cursor\CursorXP.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/dfa1jbH2v5Ws_oFbpF3l.chm::/on-line.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57CF841-1E79-4A87-B88C-C694A4294233}: NameServer = 24.153.23.66,24.153.22.195
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: fast.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\irlsl5371.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\lvju0919e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

tashi
2006-07-14, 14:26
Hello and sorry for the wait.
If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)


Also see:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

tashi
2006-07-18, 23:28
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.

LonnyRJones
2006-07-26, 04:45
Hi

Please disable SpybotSD TeaTimer for now.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode.
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and uncheck the box next to TeaTimer:
"Resident tea timer (protection of all-over system settings) active"
Close Spybot.
We will remind you to turn it on later.

Please download Look2Me-Destroyer.exe to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.
Wait about four minutes, then turn your computer back on.
Please post the contents of Look2Me-Destroyer.txt and a new HijackThis log.

PeterRose
2006-07-26, 05:42
At start-up I still received a pop-up about enhancing my internet experience.

Here is the Look2Me-Destroyer.txt:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 7/25/2006 11:09:11 PM

Infected! C:\WINDOWS\system32\irlsl5371.dll
Infected! C:\WINDOWS\system32\lvju0919e.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081848.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081852.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081865.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081866.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081867.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081868.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081869.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081870.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081871.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081872.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081873.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081874.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081875.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081885.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081892.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081898.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082921.dll
Infected! C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082922.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\lvju0919e.dll
C:\WINDOWS\system32\lvju0919e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081848.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081848.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081852.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081852.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081865.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081865.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081866.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081866.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081867.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081867.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081868.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081868.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081869.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081869.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081870.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081870.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081871.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081871.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081872.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081872.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081873.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081873.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081874.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081874.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081875.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081875.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081885.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081885.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081892.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081892.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081898.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP845\A0081898.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082921.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082921.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082922.dll
C:\System Volume Information\_restore{FB9C359E-C04C-46CF-9CF3-477F4FB95186}\RP846\A0082922.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


Here is the hijack this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:47 PM, on 7/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\D-Tools\daemon.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SYSC00.exe
C:\Program Files\Common Files\{04DD6B1B-02EE-1033-0512-000005040001}\Update.exe
D:\Program Files\cursor\CursorXP.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\good medicine\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uoguelph.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Peter\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\cursor\CursorXP.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/dfa1jbH2v5Ws_oFbpF3l.chm::/on-line.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57CF841-1E79-4A87-B88C-C694A4294233}: NameServer = 24.153.23.66,24.153.22.195
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: fast.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


I just got a party poker pop up.

Thanks for your help.
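The post above supplies a Look2Me-Destroyer.txt and a fresh HijackThis log so they can be compared with the earlier log. The following is an added example, not part of the original thread and not code from HijackThis or Look2Me-Destroyer: it diffs two HijackThis logs by entry and checks that every Winlogon Notify key the removal tool reports as removed is absent afterwards. The sample strings are short excerpts taken from the logs in this thread; the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O20 - AppInit_DLLs: fast.dll":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the detail text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Detail text of an O20 Winlogon Notify entry: "<key name> - <dll path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")
# Look2Me-Destroyer.txt line naming a Winlogon\Notify subkey it removed.
REMOVED_KEY_RE = re.compile(r"^Removing: HKLM\\.*\\Winlogon\\Notify\\(.+)$")

# Excerpt of the 7/10/2006 log posted in this thread (not the full log).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys0881619739] C:\WINDOWS\sys0881619739.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: *.sxload.com
O20 - AppInit_DLLs: fast.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\irlsl5371.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\lvju0919e.dll
"""

# Excerpt of the 7/25/2006 log posted after the tool ran (not the full log).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O20 - AppInit_DLLs: fast.dll
"""

# Excerpt of the Look2Me-Destroyer.txt posted in this thread.
TOOL_LOG = r"""
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or unchanged between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "unchanged": sorted(before & after),
    }


def winlogon_notify_names(entries):
    """Map each O20 Winlogon Notify key name to the DLL path it loads."""
    names = {}
    for section, detail in entries:
        match = NOTIFY_RE.match(detail)
        if section == "O20" and match:
            names[match.group(1)] = match.group(2)
    return names


def verify_removals(tool_log_text, after_text):
    """For each key the tool says it removed, True if the later log no longer lists it."""
    still_present = winlogon_notify_names(parse_entries(after_text))
    result = {}
    for line in tool_log_text.splitlines():
        match = REMOVED_KEY_RE.match(line.strip())
        if match:
            result[match.group(1)] = match.group(1) not in still_present
    return result


if __name__ == "__main__":
    changes = diff_logs(BEFORE_LOG, AFTER_LOG)
    for kind in ("removed", "added", "unchanged"):
        for section, detail in changes[kind]:
            print(f"{kind:9} {section:4} {detail}")
    for key, gone in verify_removals(TOOL_LOG, AFTER_LOG).items():
        print(f"Notify key {key!r}: {'gone' if gone else 'STILL PRESENT'}")
```

An entry listed as unchanged only means both logs contain the same line; the diff makes no judgement about whether that entry is legitimate.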

LonnyRJones
2006-07-26, 06:43
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Is your Windows a legal copy? If so, why has it never been updated?

PeterRose
2006-07-26, 23:27
I had a Windows Millennium disc for this computer which I received when I purchased the PC. Since my purchase I lost the disc and had my friend who knows about computers format my computer and install exp on my computer. I tried once to update exp but I guess because it's my friend's copy it never worked.

LonnyRJones
2006-07-27, 08:54
I'm not comfortable helping clean that PC.
If it cannot update it will just get infected again, plus you use filesharing.

Good luck.

PeterRose
2006-07-28, 21:31
Thanks for all your help. So is the problem that I don't have proper updates then? What if I used Windows 95 from my old computer? I guess I'll just format then. Do you know any other places that will help me if you won't? Anyways, if you're not comfortable responding back, take care and thanks for your help.

LonnyRJones
2006-07-29, 01:45
Hi

Format and install of a legit copy of Windows would save you tons of grief.
Get it updated as soon as a connection is available.
"What if I used windows 95"
Win 95 on the internet will eventually get infected too; I suggest keeping that PC off the internet completely.

Good luck

tashi
2006-08-02, 19:03
This topic has been archived. :)