Posted: 2004-12-05 03:39pm
Thanks!Datana wrote: -snip-
StarDestroyer.Net BBS
Get your fill of sci-fi, science, and mockery of stupid ideas
http://bbs.stardestroyer.net/
Hijack This Log Thread
Page 4 of 30
Posted: 2004-12-05 03:53pm
Terminate With Extreme Prejudice!" wrote:R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\bvm202.dll (file missing)
O2 - BHO: (no name) - {4AA56174-C01A-2FEF-8E53-155505A42648} - C:\WINDOWS\System32\eryeryfm.dll (file missing)
O2 - BHO: (no name) - {4BF76703-9241-76C2-8577-6D550EF22F65} - C:\WINDOWS\System32\ezl.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe <== Do you use this? If no, kill it.
O4 - HKLM\..\Run: [pkytkgkcv] C:\WINDOWS\System32\xrorby.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Pcwb4iJR.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <== KILL THIS AND REMOVE ALL AOL SOFTWARE OR IT WILL REINSTALL!
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [inres] C:\WINDOWS\inres.exe
O4 - HKCU\..\Run: [Bioipmiv] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup <== Kill this, it's obviously not working and it appears related to spyware
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Russell Davis\Application Data\eetu.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll <==I hate Real...
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\hsindvty.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12af3703715d6b49e1 ... xIE601.cab <== Real.com Spyware. Now you know why I hate Real.
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/in ... Ssfitb.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O18 - Protocol: bw+0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5E97A26C-873B-4480-8456-B8C4D4C21340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Posted: 2004-12-05 08:24pm
allfixed my girlfriend is pure once more 
Posted: 2004-12-05 08:54pm
Shark Bait: This one's going to be kind of tricky. IBIS has numerous pieces which constantly restore each other, so you'll have to wipe out all of the processes at once to be able to keep the system clean.
First, take a look at this list:
Run the command "taskkill /pid [process1] /pid [process2] /f", adding however many /pid [process(n)] you need, where [process(n)] are the process ID numbers you want to kill. So, for example, if you want to kill three processes with PIDs 1024, 4096, and 8192, you'd use "taskkill /pid 1024 /pid 4096 /pid 8192 /f".
After that's done, kill the following entries via HJT!:
First, take a look at this list:
Call up the Task Manager (CTRL-ALT-DEL, usually followed by just clicking on the appropriate tab), and note the process ID numbers of these programs (if PID doesn't appear next to each application, then View->Select Columns, then check the PID box and hit OK). Next, call up the command line (cmd from the Run prompt).C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
Run the command "taskkill /pid [process1] /pid [process2] /f", adding however many /pid [process(n)] you need, where [process(n)] are the process ID numbers you want to kill. So, for example, if you want to kill three processes with PIDs 1024, 4096, and 8192, you'd use "taskkill /pid 1024 /pid 4096 /pid 8192 /f".
After that's done, kill the following entries via HJT!:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
Posted: 2004-12-06 02:26am
sorry to be the difficult one but that dident work either, after entering "taskkill/pid...ect..."
i recieved the message that 'taskkill' is not recognized as an internal or external command, operable program or batch file.
so what do i do did i enter the wrong command or is my system just particularly screwy
i recieved the message that 'taskkill' is not recognized as an internal or external command, operable program or batch file.
so what do i do did i enter the wrong command or is my system just particularly screwy
Posted: 2004-12-06 02:46am
Please be sure that you are typing in the commandline correctly -- since you're running Windows XP, it should work (it's called "kill" in W2k and is missing entirely from Win9x/ME, for reference, but this shouldn't be applicable in your case). Not sure if it's specific to Windows XP Pro, though, as that's what I'm running (HJT! doesn't differentiate between Pro and Home).Shark Bait wrote:sorry to be the difficult one but that dident work either, after entering "taskkill/pid...ect..."
i recieved the message that 'taskkill' is not recognized as an internal or external command, operable program or batch file.
so what do i do did i enter the wrong command or is my system just particularly screwy
If you still can't get it to work, you're going to have to terminate the processes one-by-one though the Task Manager and hope they don't restore. This will lead to a frustrating game of whack-a-mole, but you should be able to get them all if you're fast; give priority to killing WToolsA and WToolsS first.
Posted: 2004-12-06 03:06am
I'm thinking that he should be able to change the priority level on those processes to the bottom, so that he'll have a little more time to kill them.Datana wrote:If you still can't get it to work, you're going to have to terminate the processes one-by-one though the Task Manager and hope they don't restore. This will lead to a frustrating game of whack-a-mole, but you should be able to get them all if you're fast; give priority to killing WToolsA and WToolsS first.
Posted: 2004-12-06 10:03am
It cant be done, the command prompt doesent work and the tasks cant even be selected fast enough, I'm sick of this it should be absolutly illegal. A telemarketing firm can be carged up to $50,000 US for calling somone who has said "Take me off your list" this should be just as punishable. Untill then I offer my life savings to anyone who brings me the hands and eyes of the people who programed this damn thing.Crayz9000 wrote:I'm thinking that he should be able to change the priority level on those processes to the bottom, so that he'll have a little more time to kill them.Datana wrote:If you still can't get it to work, you're going to have to terminate the processes one-by-one though the Task Manager and hope they don't restore. This will lead to a frustrating game of whack-a-mole, but you should be able to get them all if you're fast; give priority to killing WToolsA and WToolsS first.
EDIT: I have done it, I destroyed the satanic creation. The answer was much more simple than origionally thought, all I had to do was start the computer in safe mode then go to C:\program files\comonfiles and C:\program files\toolbar then delete the files then I ran spybot and adaware and deleted what came up under the ibis tool bar listings. Lastly i ran HijackThis! and deleted everything on the list that I was provided with. so Have to say THANKS to everyone who helped me with this my precious Bridget is healthy once more. HOWEVER, my offer of cash for the hands/eyes of programers who create these things stands.
Posted: 2004-12-06 02:51pm
Yeah, Safe Mode is typically a last resort for problem apps, although sometimes they figure out a way to load even then.
I usually recommend reformatting and reinstalling when a computer gets badly infected enough, just so you know it's clean instead of always wondering if you got every last fucking piece of spyware. But it's a little extreme, so it's more or less the absolute last case resort.
I usually recommend reformatting and reinstalling when a computer gets badly infected enough, just so you know it's clean instead of always wondering if you got every last fucking piece of spyware. But it's a little extreme, so it's more or less the absolute last case resort.
Posted: 2004-12-06 08:00pm
Help? wrote:Logfile of HijackThis v1.98.2
Scan saved at 5:59:02 PM, on 12/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\apisr32.exe
C:\WINDOWS\ipkz32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matthew\Desktop\HijackThis\HijackThis19802.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {5AF27B88-58BE-EDE2-DEDC-AC150AF3E5C5} - C:\WINDOWS\system32\netjo.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ipkz32.exe] C:\WINDOWS\ipkz32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5479666845
Posted: 2004-12-06 09:30pm
Beowulf: You have a few entries that are definitely nukable, and one which I'm not sure of (O4 - HKLM\..\Run: [ipkz32.exe] C:\WINDOWS\ipkz32.exe). It might be part of your system's driver set, or might be part of other spyware. I'd kill it, as I can't find data on any legitimate programs that's a match, and it doesn't appear to be critical for any of your system's functions. If you already know what it is, you can leave it.
Terminate ipkz32.exe and apisr32.exe before killing entries to be on the safe side; I already mentioned the former, and the latter is also unfamiliar to me and doesn't show up in any web searches.
As for definitely killable entries, however:
Terminate ipkz32.exe and apisr32.exe before killing entries to be on the safe side; I already mentioned the former, and the latter is also unfamiliar to me and doesn't show up in any web searches.
As for definitely killable entries, however:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {5AF27B88-58BE-EDE2-DEDC-AC150AF3E5C5} - C:\WINDOWS\system32\netjo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
Posted: 2004-12-06 11:21pm
can't kill either process. Gives me an access denied error. And of course, they get recreated after they get deleted. *sigh*Datana wrote:Beowulf: You have a few entries that are definitely nukable, and one which I'm not sure of (O4 - HKLM\..\Run: [ipkz32.exe] C:\WINDOWS\ipkz32.exe). It might be part of your system's driver set, or might be part of other spyware. I'd kill it, as I can't find data on any legitimate programs that's a match, and it doesn't appear to be critical for any of your system's functions. If you already know what it is, you can leave it.
Terminate ipkz32.exe and apisr32.exe before killing entries to be on the safe side; I already mentioned the former, and the latter is also unfamiliar to me and doesn't show up in any web searches.
As for definitely killable entries, however:O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {5AF27B88-58BE-EDE2-DEDC-AC150AF3E5C5} - C:\WINDOWS\system32\netjo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
Posted: 2004-12-06 11:23pm
If you're using Windows XP Professional, look a few posts back to see the syntax of TASKKILL.EXE and use those to try and terminate the processes.
If that fails, reboot to Safe Mode, search for and delete those programs.
If that fails, reboot to Safe Mode, search for and delete those programs.
Posted: 2004-12-07 02:41am
Have XP home. Regardless, I can't close those processes. In any case, I still get pop up spam after deleting those programs.Crayz9000 wrote:If you're using Windows XP Professional, look a few posts back to see the syntax of TASKKILL.EXE and use those to try and terminate the processes.
If that fails, reboot to Safe Mode, search for and delete those programs.
Posted: 2004-12-07 01:13pm
If you can't close the processes, did you delete the programs via Safe Mode, then? It wasn't clear from your phrasing; was it that, or did you try and eliminate the programs in the HJT! list?Beowulf wrote:Have XP home. Regardless, I can't close those processes. In any case, I still get pop up spam after deleting those programs.Crayz9000 wrote:If you're using Windows XP Professional, look a few posts back to see the syntax of TASKKILL.EXE and use those to try and terminate the processes.
If that fails, reboot to Safe Mode, search for and delete those programs.
Regardless, try rerunning HijackThis! and updating your initial log posted above; this looks like it's a particularly persistent infestation, and it'll need to be given the special treatment again. Also, download LSPFix before proceeding; it'll repair your Internet access if it starts spewing errors due to the removal of calsp.dll.
Posted: 2004-12-08 07:30pm
Can someoneplease help me with this? My computer is a slow fucking pig, and I'm trying to speed it up a bit.
http://dillon.hollosite.com/hijackthis.log
EDIT: Resolved
http://dillon.hollosite.com/hijackthis.log
EDIT: Resolved
Posted: 2004-12-09 01:28am
Would someone mind taking a look at my HJT log? It's on the first page, but seems to have been tragically forgottten. 
Posted: 2004-12-09 02:28am
Eh. Looks like I missed one; sorry about that. You're currently infected with a trojan (SVCh0st). Start out by terminating shch.exe and system32.exe from the taskbar, then kill the following entries:3rd Impact wrote:Would someone mind taking a look at my HJT log? It's on the first page, but seems to have been tragically forgottten.
Couldn't find anything on the eingang69 pr0n downloader, so I'm treating it as malicious. Points Manager comes loaded on normal KaZaA -- if you have to keep using it for whatever reason, switch to Kazaa Lite to keep it from coming back. The other entries are all connected with your trojan problem. Be sure to run a full antivirus scan (with fully updated definitions) after removal to see if you have anything else on your system, as there might be other stuff lurking which a spyware scan won't see.O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] system32.exe
O16 - DPF: {067D7797-04FC-42B1-92DB-81FC6CD318FD} (Dlctrl) - http://www.eingang69.de/EroticAccess/ocx/dlctrl.ocx
Some unessential entries follow; they're resource hogs, but aren't usually used and can be safely disabled in most cases.
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Posted: 2004-12-09 03:02am
You're infected with a worm (SDBOT.JP -- your system is a DDOSing zombie right now, which probably accounts for its slowness). You also have CWS -- run CWShredder, the link for which has been posted in the FAQ, as HJT! isn't fully effective against it. Assuming you've done that, terminate nvsc32.exe, qsosrv.exe, and pmeac.exe to start off; if you can't, then you'll need to delete the executables from Safe Mode and try the cleanup from there. Afterwards, kill the following entries:observer_20000 wrote:Can someoneplease help me with this? My computer is a slow fucking pig, and I'm trying to speed it up a bit.
Nearly all of these are worm-created entries (except for SEARCH~1.DLL and WinTaskAd.exe, which are CWS components and should hopefully disappear if you've run CWShredder). Many of these seem legit at first glance, but some things jump out at you on a more detailed look -- for instance, why do you have both nVidia and ATi driver stubs, and why are their names slightly wrong?O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [Windows Update] pmeac.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\Run: [Windows Scanner] wscr32.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\RunServices: [Microsoft Disk Scanner] scansdisk.exe
O4 - HKLM\..\RunServices: [Windows Update] pmeac.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] qsosrv.exe
O4 - HKLM\..\RunServices: [ATI Chipset] atiptxx.exe
O4 - HKLM\..\RunServices: [Windows Scanner] wscr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] torasos.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKCU\..\Run: [ATI Chipset] atiptxx.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] torasos.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Anyway, same advice to you as to 3rd Impact -- rescan with an fully updated antivirus program after you purge these and patch your box. The worm can only get in if you're not up to date on security patches, so establishing a firewall (which comes on automatically if you upgrade to SP2, which is recommended) and closing off holes is essential.
EDIT: Fixed an annoying typo.
EDIT 2: Added a link to the FAQ and clarified some statements.
Posted: 2004-12-09 03:53am
Oh my God! Thank you so much! I never thought my computer could run so smoothly! 
Posted: 2004-12-12 01:55pm
Much appreciated, Datana; thanks for your time.
Posted: 2004-12-15 10:09am
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LimeWire 4.2.2.lnk = C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
I let my sister in law use my comp only to find a whole array of new icons on my desktop.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LimeWire 4.2.2.lnk = C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
I let my sister in law use my comp only to find a whole array of new icons on my desktop.
Posted: 2004-12-15 01:14pm
bohemianfey: Not too bad, all things considered. A few pieces of spyware, but otherwise, a pretty well-run box compared to some of the others that have come through. Some people actually like the Viewpoint Toolbar, but as it's still spyware, I'm lumping it with the "must kill" entries for now. If cleaning these entries doesn't work, please repost a whole log rather than the fragment that's up now.
These are entries which must be purged:
These are entries which must be purged:
This last entry is optional; I don't know of anyone who actually uses WinZip Quick Picks, so it's probably safe to get rid of:R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Posted: 2004-12-15 01:37pm
Logfile of HijackThis v1.98.2
Scan saved at 10:36:16 AM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Deirdre\My Documents\Unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LimeWire 4.2.2.lnk = C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
Although the problems seemed to be someone fixed I'd like to post the whole log, just in case. You can never be too safe with your computer if you ask me.
Scan saved at 10:36:16 AM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Deirdre\My Documents\Unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LimeWire 4.2.2.lnk = C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
Although the problems seemed to be someone fixed I'd like to post the whole log, just in case. You can never be too safe with your computer if you ask me.
Posted: 2004-12-15 03:41pm
Looks pretty clean now. Just kill the two indicated entries again, and you should be clear. You'll probably have to delete the extra desktop icons left over manually, but that shouldn't be much trouble.bohemianfey wrote:Although the problems seemed to be someone fixed I'd like to post the whole log, just in case. You can never be too safe with your computer if you ask me.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)