View Full Version : cmd service and adware removal - have posted logs



gunnerchap
2006-10-05, 10:59
Have posted logs as requested. Have tried to follow other threads to remove, but think I need help with my own specific problems. Hope you can help.
Panda Online Scan
Incident Status Location

Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\asappsrv.dll
Adware:adware/sahagent Not disinfected C:\WINDOWS\system32\sahagent1003.exe
Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1
Adware:adware/superspider Not disinfected c:\windows\system32\system32.dll
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/look2me Not disinfected c:\windows\system32\guard.tmp
Adware:adware/ncase Not disinfected c:\windows\system32\msbb1.dll
Potentially unwanted tool:application/myway Not disinfected c:\windows\system32\Xcite.dll
Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/msview Not disinfected c:\windows\inf\MSView.inf
Adware:adware/delfinmedia Not disinfected c:\keys.ini
Adware:adware/ucmore Not disinfected c:\ucmoreiex.exe
Adware:adware/dollarrevenue Not disinfected c:\drsmartload45a45a45p.exe
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Terry Chapman\Application Data\tvmcwrd.dll
Adware:adware/searchaid Not disinfected c:\windows\n_mfyhvb.log
Adware:adware/gator Not disinfected c:\windows\GatorPdpPlugin.log
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall5_40.exe
Spyware:spyware/betterinet Not disinfected c:\windows\susp.ini
Adware:adware/cws.searchmeup Not disinfected c:\windows\mstasks1.exe
Adware:adware/wintools Not disinfected c:\program files\common files\BTLINK
Adware:adware/savenow Not disinfected c:\windows\system32\wsxsvc
Adware:adware/maxifiles Not disinfected c:\program files\ToolBar888
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/virtualbouncer Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/comet Not disinfected Windows Registry
Spyware:spyware/clearsearch Not disinfected Windows Registry
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\nowrsel.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\wcpns.dll
Adware:Adware/DelFinMedia Not disinfected C:\WINDOWS\system32\dp_o13m09.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\lycmgr10.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\suhedsvc.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\mny.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\drsmartload1135a.exe
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\iKsads.dll_tobedeleted
Adware:Adware/nCase Not disinfected C:\WINDOWS\system32\Xcite.exe
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\KVI_111.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\SHAgent.dll
Adware:Adware/RCSync Not disinfected C:\WINDOWS\system32\pr1ze5.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\igxpromn.dll_tobedeleted
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\n6l8lg3u16.dll
Adware:Adware/nCase Not disinfected C:\WINDOWS\system32\msbb.dll
Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\system32\BO2202031216.dll
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\inf\susp.inf
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe cont

gunnerchap
2006-10-05, 11:01
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_48.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_64.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_22.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\p3pVwB40kZ11w3Y1v0.vbs
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
Dialer:Dialer.DK Not disinfected C:\Documents and Settings\Terry Chapman\Local Settings\Application Data\Microsoft\Internet Explorer\V0.15.dat
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Terry Chapman\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Terry Chapman\My Documents\SmitfraudFix\SmitfraudFix\Process.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\mc-110-12-0000904.exe
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\installer.exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\cmdinst.exe
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\4H4N4327\MTE3NDI6ODoxNg[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\4H4N4327\install[1].exe
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PMR8DER\drsmartload1135a[1].exe
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\Yinstall[1].mp3
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\Installer[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\AntiPuper[1].exe[²PĒ]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\deskbar_e[1].exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\deskbar_e[1].exe[deskbar.exe][deskbar.dll]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\mcsh[1].mp3
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\installer[1].exe
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\ucmoreiex[1].exe
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@go[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@ad.yieldmanager[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@statcounter[2].txt
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\girlies\mt-uninstaller.exe
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\girlies\drsmartload1135a.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\mny.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\ToolBar888\MyToolBar.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\ToolBar888\Activate.exe
Adware:Adware/IconAds Not disinfected C:\Program Files\ToolBar888\Uninst.exe
Adware:Adware/SearchAid Not disinfected C:\Program Files\Network Monitor\netmon.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Deskbar\deskbar.dll
Adware:Adware/ActiveSearch Not disinfected C:\deskbar.exe

gunnerchap
2006-10-05, 11:02
Dialer:Dialer.CMR Not disinfected C:\info6_s.cab[Information.exe]
Dialer:Dialer.ZE Not disinfected C:\info6_s.cab[Information_s.INF]
Dialer:Dialer.NQ Not disinfected C:\selltraxx.chm[/d_selltraxx.exe]
Virus:Trj/BKClient.B Not disinfected C:\winhelp.chm[/d_tony1.exe]
Dialer:Dialer.NQ Not disinfected C:\lanvixx.chm[/d_lanvixx.exe]
Dialer:Dialer.NQ Not disinfected C:\dimitdial.chm[/on-line.exe]
Hacktool:Exploit/CodeBase.S Not disinfected C:\dimitdial.chm[/1.htm]
Spyware:Spyware/Fstb Not disinfected C:\dimitdial.chm[/htm2chm_explorer]
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e18.exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e18.exe[deskbar.exe][deskbar.dll]
Virus:Bck/Bifrose.ABN Disinfected C:\kybrdff_e19.exe
Adware:Adware/Look2Me Not disinfected C:\Installer4.exe
Adware:Adware/ISearch Not disinfected C:\MTE3NDI6ODoxNgnew.exe
Adware:Adware/Look2Me Not disinfected C:\warebundlenewer.exe
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e20.exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e20.exe[deskbar.exe][deskbar.dll]
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e19.exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e19.exe[deskbar.exe][deskbar.dll]

gunnerchap
2006-10-05, 11:03
Logfile of HijackThis v1.99.1
Scan saved at 18:10:16, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\qttask.exe
C:\program files\belkinud tools2.33\belkinud.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MyKazaaGold\MyGoldKazaa.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MyKazaaGold\giFT\giFTl.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.alltheinternet.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\belkinud tools2.33\belkinud.exe sys_auto_run C:\Program Files\BELKINUD Tools2.33
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: XXX Viewer - {A438ECB4-B6A5-4966-9D7E-79ADD1BF8C67} - C:\DOCUME~1\TERRYC~1\LOCALS~1\Temp\ICD6.tmp\dialer.exe (file missing) (HKCU)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159258608281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

gunnerchap
2006-10-05, 15:28
Logfile of HijackThis v1.99.1
Scan saved at 14:13:43, on 05/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\qttask.exe
C:\program files\belkinud tools2.33\belkinud.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MyKazaaGold\MyGoldKazaa.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MyKazaaGold\giFT\giFTl.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.alltheinternet.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\belkinud tools2.33\belkinud.exe sys_auto_run C:\Program Files\BELKINUD Tools2.33
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: XXX Viewer - {A438ECB4-B6A5-4966-9D7E-79ADD1BF8C67} - C:\DOCUME~1\TERRYC~1\LOCALS~1\Temp\ICD6.tmp\dialer.exe (file missing) (HKCU)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159258608281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

Thanks for your assistance - pls let me know if there are still problems. When I run SPYBOT - I get the following message:

SPYBOT Log

--- Search result list ---
Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Cookie: Cookie (10) (Cookie, nothing done)


Cache: Cache (462) (Cache, nothing done)


Congratulations!: No immediate threats were found. ()

When I fix them they are removed - but every time I shut down and restart they are back again - looks like they are no threat - just want to know what they are.

Thanks for your help in advance.

LonnyRJones
2006-10-09, 09:20
Welcome to the forum

Uninstall SpywareBot (not SpyBot)
and, if you're willing to, definitely uninstall that Kazaa program

Manually delete the files in that Panda report


Afterwards, post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large, you might need to post half in one reply, half in another.

gunnerchap
2006-10-09, 12:38
Hi - thanks for your help so far. You said to delete the files manually in the Panda Report, can you please confirm which files?

Thanks for your help.

LonnyRJones
2006-10-09, 14:16
Ok. Some won't exist. Be extremely careful; exact spelling and location count.

C:\deskbar_e20.exe
C:\warebundlenewer.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\Installer4.exe
C:\kybrdff_e19.exe
C:\deskbar.exe
C:\Documents and Settings\girlies\mny.exe
C:\Documents and Settings\girlies\drsmartload1135a.exe
C:\Documents and Settings\girlies\mt-uninstaller.exe
C:\Documents and Settings\Terry Chapman\Local Settings\Application Data\Microsoft\Internet Explorer\V0.15.dat
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\sahagent1003.exe
c:\windows\system32\fiz1
c:\windows\system32\system32.dll
c:\windows\system32\atmtd.dll
c:\windows\system32\msbb1.dll
c:\windows\system32\Xcite.dll
c:\windows\system32\drivers\etc\hosts.bho
c:\windows\inf\MSView.inf
c:\keys.ini
c:\ucmoreiex.exe
c:\drsmartload45a45a45p.exe
C:\Documents and Settings\Terry Chapman\Application Data\tvmcwrd.dll
c:\windows\n_mfyhvb.log
c:\windows\GatorPdpPlugin.log
c:\windows\NDNuninstall5_40.exe
c:\windows\susp.ini
c:\windows\mstasks1.exe
C:\WINDOWS\system32\mny.exe
C:\WINDOWS\system32\drsmartload1135a.exe
C:\WINDOWS\system32\Xcite.exe
C:\WINDOWS\system32\KVI_111.dll
C:\WINDOWS\system32\SHAgent.dll
C:\WINDOWS\system32\pr1ze5.dll
C:\WINDOWS\system32\n6l8lg3u16.dll
C:\WINDOWS\system32\msbb.dll
C:\WINDOWS\system32\BO2202031216.dll
C:\WINDOWS\inf\susp.inf

c:\program files\ToolBar888 << This folder
c:\program files\common files\BTLINK << This folder
c:\windows\system32\wsxsvc << This folder
C:\WINDOWS\VGVycnkgQ2hhcG1hbg << This folder
C:\Program Files\Deskbar << This folder
C:\Program Files\Network Monitor << This folder
C:\Program Files\ToolBar888 << This folder
C:\Program Files\SpywareBot << This folder


Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large, you might need to post half in one reply, half in another.

gunnerchap
2006-10-09, 15:28
Thanks again for your help.

You said delete the files from the Panda report, how do I do this? Do I need to run the report again? Didn't see an option like HJT to fix. Pls advise.

Thanks

gunnerchap
2006-10-09, 22:07
Hi, Ignore the msg above, found where to view and delete above files.
Combofix report
Terry Chapman - 06-10-09 21:01:30.92 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Terry Chapman\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{A3A972B7-867A-45CA-B20E-47D66FECA3E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3A972B7-867A-45CA-B20E-47D66FECA3E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3A972B7-867A-45CA-B20E-47D66FECA3E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3A972B7-867A-45CA-B20E-47D66FECA3E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\imrop.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\nowrsel.dll
C:\WINDOWS\system32\wcpns.dll
C:\WINDOWS\system32\lycmgr10.dll
C:\WINDOWS\system32\suhedsvc.dll
C:\WINDOWS\system32\iKsads.dll_tobedeleted
C:\WINDOWS\system32\igxpromn.dll_tobedeleted
C:\WINDOWS\system32\n6l8lg3u16.dll
C:\WINDOWS\system32\guard.tmp


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e19.exe
C:\dfndrff_e20.exe
C:\deskbar_e18.exe
C:\deskbar_e19.exe
C:\kybrdff_e20.exe
C:\nwnmff_e19.exe
C:\nwnmff_e20.exe
C:\WINDOWS\system.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\Program Files\TheSearchAccelerator
C:\Program Files\Common Files\{3C600F9F-07D0-2057-1030-02082102002c}


((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-10-03 17:28 282,601 --a------ C:\hijackthis_sfx.exe
2006-10-03 16:45 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-02 22:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-02 22:20 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-02 22:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-02 22:20 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-30 21:57 970,752 --a------ C:\WINDOWS\system32\VchReg.dll
2006-09-30 20:14 138,862 --a------ C:\WINDOWS\system32\mny.exe
2006-09-28 20:30 127,208 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-07 22:18 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

gunnerchap
2006-10-09, 22:08
Part 2

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPASTATUS"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\Status.exe"
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"PLoader"="c:\\program files\\belkinud tools2.33\\belkinud.exe sys_auto_run C:\\Program Files\\BELKINUD Tools2.33"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"ToUcamVProperty"="C:\\PROGRA~1\\PHILIP~1\\VProperty.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QveCtl2Tray"="C:\\Program Files\\Philips\\PSA2\\skin\\QveCplSk.EXE C:\\Program Files\\Philips\\PSA2\\skin"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061009-150700-416
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\{D0850EF7-FEB0-44A1-8C5F-1F88834F25D7}_TERRY_Terry Chapman.job
C:\WINDOWS\tasks\{B5A3C2CD-CCC0-4525-B1C0-D31C63BFED6C}_TERRY_Terry Chapman.job
C:\WINDOWS\tasks\{3DF5FAA5-620C-44FA-89F5-239C4045A0C1}_TERRY_Terry Chapman.job

Completion time: 09/10/2006 21:03:24.45
ComboFix.txt

LonnyRJones
2006-10-09, 23:01
Scan with HijackThis, place a check next to this item and click "Fix checked":
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
===============
Yes, go get another Panda online scan and post its report, please.

gunnerchap
2006-10-10, 20:58
Hi - Thanks for your continued help - deleted file and done a new Panda Scan.
Incident Status Location

Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1
Adware:adware/msview Not disinfected c:\windows\inf\MSView.inf
Adware:adware/delfinmedia Not disinfected c:\keys.ini
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Terry Chapman\Application Data\tvmcwrd.dll
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall5_48.exe
Adware:adware/cws.searchmeup Not disinfected c:\windows\mstasks2.exe
Adware:adware/searchaid Not disinfected c:\windows\n_mmpiqv.txt
Adware:adware/savenow Not disinfected c:\windows\system32\wsxsvc
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/virtualbouncer Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/comet Not disinfected Windows Registry
Spyware:spyware/clearsearch Not disinfected Windows Registry
Adware:Adware/DelFinMedia Not disinfected C:\WINDOWS\system32\dp_o13m09.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\mny.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_64.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_22.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGVycnkgQ2hhcG1hbg\p3pVwB40kZ11w3Y1v0.vbs
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
Dialer:Dialer.DK Not disinfected C:\Documents and Settings\Terry Chapman\Local Settings\Application Data\Microsoft\Internet Explorer\V0.15.dat
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Terry Chapman\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Terry Chapman\My Documents\SmitfraudFix\SmitfraudFix\Process.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\mc-110-12-0000904.exe
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\installer.exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\cmdinst.exe
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\4H4N4327\MTE3NDI6ODoxNg[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\4H4N4327\install[1].exe
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PMR8DER\drsmartload1135a[1].exe
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\Yinstall[1].mp3
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\dfndrff_e_uit[1].exe
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\Installer[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\AntiPuper[1].exe[²PĒ]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\deskbar_e[1].exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTMVSHYZ\deskbar_e[1].exe[deskbar.exe][deskbar.dll]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\mcsh[1].mp3
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\installer[1].exe
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MNGPMB\ucmoreiex[1].exe

gunnerchap
2006-10-10, 20:59
Part 2


Spyware:Cookie/Go Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@go[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@ad.yieldmanager[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\girlies\Local Settings\Temp\Cookies\girlies@statcounter[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@maxserving[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@casalemedia[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@toplist[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@adrevolver[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@ad.yieldmanager[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@statcounter[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\girlies\Cookies\girlies@xiti[1].txt
Dialer:Dialer.CMR Not disinfected C:\info6_s.cab[Information.exe]
Dialer:Dialer.ZE Not disinfected C:\info6_s.cab[Information_s.INF]
Dialer:Dialer.NQ Not disinfected C:\selltraxx.chm[/d_selltraxx.exe]
Virus:Trj/BKClient.B Not disinfected C:\winhelp.chm[/d_tony1.exe]
Dialer:Dialer.NQ Not disinfected C:\lanvixx.chm[/d_lanvixx.exe]
Dialer:Dialer.NQ Not disinfected C:\dimitdial.chm[/on-line.exe]
Hacktool:Exploit/CodeBase.S Not disinfected C:\dimitdial.chm[/1.htm]
Spyware:Spyware/Fstb Not disinfected C:\dimitdial.chm[/htm2chm_explorer]

LonnyRJones
2006-10-11, 03:09
Set Windows to show hidden extensions, files and folders.
Click for instructions (http://www.xtra.co.nz/help/0,,4155-1916458,00.html).

Delete these files and folders; be careful of spelling:
C:\winhelp.chm
C:\lanvixx.chm
c:\keys.ini
C:\dimitdial.chm
C:\info6_s.cab
C:\selltraxx.chm
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_10.exe
C:\WINDOWS\NDNuninstall6_22.exe
c:\windows\mstasks2.exe
c:\windows\n_mmpiqv.txt
C:\WINDOWS\system32\dp_o13m09.dll
C:\WINDOWS\system32\mny.exe
c:\windows\system32\fiz1
c:\windows\inf\MSView.inf
C:\Documents and Settings\Terry Chapman\Application Data\tvmcwrd.dll
c:\windows\NDNuninstall5_48.exe

C:\WINDOWS\VGVycnkgQ2hhcG1hbg
c:\windows\system32\wsxsvc


Please download and unzip Ren-cmdservice to your desktop.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by double-clicking it and then double-click the
ren-cmdservice.bat file to run the program.
A text will open when it is finished; post it please.
Then restart the PC, run Spybot, check for and fix any problems found.
When next you check for problems it won't or shouldn't be there.
Alternate download:
http://www.bleepingcomputer.com/files/lonny/ren-cmdservice.zip

Post that log and mention any current problems

gunnerchap
2006-10-11, 15:07
ren-cmdservice log:

Running from C:\Desktop\ren-cmdservice

cmdService Not present

Post this in the forum please.

There don't appear to be any other problems - thank you so much for your help.

LonnyRJones
2006-10-12, 01:01
That's good to hear.

Delete ren-cmdservice.zip, its folder too, and combofix.exe. If they are ever needed again you would need to re-download; they will probably have been changed.

We will leave your thread open a few days in case of another problem, in the meantime
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

gunnerchap
2006-10-12, 09:59
Thanks again. Once this file is downloaded, do I have to run it myself, or does it work on its own?

Everything else seems to be working fine now, have deleted other files as you recommended.

Thank you

LonnyRJones
2006-10-12, 10:04
Hello

Download the hosts.zip, extract the files inside, then run the batch file; it does the work for you.
I can't describe it better than here :) http://www.mvps.org/winhelp2002/hosts2.htm

gunnerchap
2006-10-13, 23:52
Hello, I have downloaded the Hosts file. It ran very quickly, which is why I thought it wasn't working. I checked where it put it and it's in the right place. Thank you.

Just one thing, when I start the PC I have a message window pop up saying 'Program already runing'. You can't do anything with it, or know what it is referring to? Apart from that everything appears to be running as normal.

Many thanks for your help.

LonnyRJones
2006-10-14, 02:56
Let's look at another fresh HijackThis log

gunnerchap
2006-10-15, 15:01
New log as requested - thanks.

Logfile of HijackThis v1.99.1
Scan saved at 14:00, on 06-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.alltheinternet.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\belkinud tools2.33\belkinud.exe sys_auto_run C:\Program Files\BELKINUD Tools2.33
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: XXX Viewer - {A438ECB4-B6A5-4966-9D7E-79ADD1BF8C67} - C:\DOCUME~1\TERRYC~1\LOCALS~1\Temp\ICD6.tmp\dialer.exe (file missing) (HKCU)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159258608281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

LonnyRJones
2006-10-15, 15:17
Not sure what's causing
"message windown pop up saying 'Program already runing'"

You could open the programs' options, like for IncrediMail/Skype/Kodak, and tell them not to start with Windows to troubleshoot.

I missed suggesting to fix this item
O9 - Extra button: XXX Viewer - {A438ECB4-B6A5-4966-9D7E-79ADD1BF8C67} - C:\DOCUME~1\TERRYC~1\LOCALS~1\Temp\ICD6.tmp\dialer.exe (file missing) (HKCU)
--------------------------------------------
Have Hijackthis fix it
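
An added example, not part of the original thread and not HijackThis's own code: a small parser for HijackThis-style log lines that flags the kind of entry singled out above, one marked "(file missing)" or one whose target sits under a Temp directory. The sample lines are copied from the log posted in this thread; the function names and the two flagging rules are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com (file missing)
O9 - Extra button: XXX Viewer - {A438ECB4-B6A5-4966-9D7E-79ADD1BF8C67} - C:\DOCUME~1\TERRYC~1\LOCALS~1\Temp\ICD6.tmp\dialer.exe (file missing) (HKCU)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\svchost.exe
"""

# "<section code> - <body>", e.g. "O9 - Extra button: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path, stopping before a trailing "(file missing)" or hive note.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?= \((?:file missing|HKCU|HKLM)\)|$)")
# A path component named Temp or Tmp (assumed rule for this illustration).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O9"
    clsid: str      # first CLSID on the line, or ""
    path: str       # first drive-letter path on the line, or ""
    reasons: tuple  # why the entry was flagged
    body: str       # the entry text after the section code


def parse_entries(log_text):
    """Yield (section, body) for each line that looks like a log entry.

    Lines without a section code (the running-process list, headers)
    are skipped.
    """
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log_text):
    """Return a Finding for every entry that matches a flagging rule."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if "(file missing)" in body.lower():
            reasons.append("file missing")
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else ""
        if path and TEMP_RE.search(path):
            reasons.append("target under Temp")
        if reasons:
            clsid_match = CLSID_RE.search(body)
            clsid = clsid_match.group(0) if clsid_match else ""
            findings.append(Finding(section, clsid, path, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, ", ".join(f.reasons), f.clsid, f.path or "(no file path)")
```

A flag here is only a prompt for review: legitimate software can also leave orphaned entries behind after an uninstall.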

gunnerchap
2006-10-17, 21:52
Have removed the file that you suggested, and changed Incredimail, Skype and Kodak not to start with Windows. Will see how it goes.
Many thanks for your help.

LonnyRJones
2006-10-23, 12:04
I'm glad we could help.
Since the problems are solved I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).