Jump to content

To Trogan_1000, thankyou for your help, but still having problems


Recommended Posts

First time here and having a few problems finding my way around. I apologise for, most likely, posting in the wrong area!

Anyway my problem is a bloody annoying toolbar on the bottom of my my screen :hammer: ...here are the details... http://lop.com/passthrough/newpass2.html . I need to get rid of it because, it is REALLY in the way!!! If someone could please advise me it would much appreciated..Thanks.. :)

 

Link edited to protect others, (thank you pacman123 for the head's up)..........Y

Edited by Y kawika
Link to post
Share on other sites

Hi LJK! Welcome to PC Pitstop! :)

 

I need to see some logs if we are able to help you.

 

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.

  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 

=====

 

Also, I would like to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button. It will open a Notepad file.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your in your next post.
=====

 

Please post the HijackThis log, and the Uninstall list. :)

Link to post
Share on other sites

First time here and having a few problems finding my way around. I apologise for, most likely, posting in the wrong area!

Anyway my problem is a bloody annoying toolbar on the bottom of my my screen :hammer: ...here are the details... http://lop.com/passthrough/newpass2.html . I need to get rid of it because, it is REALLY in the way!!! If someone could please advise me it would much appreciated..Thanks.. :)

 

Link edited to protect others, (thank you pacman123 for the head's up)..........Y

 

Logfile of HijackThis v1.99.1

Scan saved at 8:30:10 PM, on 9/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.218

 

 

 

:( HERE IS THE LOG AFTER RUNNING HIJACK THIS. i'M SORRY IF THAT LINK i POSTED CAUSED ANY PROBLEMS.. OTHER LOG YOU REQUESTED IS AT THE BOTTOM..THANKYOU FOR YOUR HELP... :)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program files\EPoX\USDM\USDM.EXE

C:\WINDOWS\mHotkey.exe

C:\WHEELM~1\wh_exec.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program files\EPoX\USDM\USDM.EXE" "5000"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe

O4 - HKLM\..\Run: [Trust Dead Help Win] C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead\Barb Soft.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: C:\DOCUME~1\MYPC~1\APPLIC~1\BALMNA~1\mix proxy love.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm491YYAU

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\Software\..\Telephony: DomainName = Q2961.wfix.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7EB2DC-0E74-4E2E-876F-632A6059918C}: NameServer = 203.2.75.132 198.142.0.51

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

 

NEXT LOG

 

Ad-aware 6 Personal

Adobe Acrobat 5.0

Adobe Flash Player 9

ArcSoft PhotoStudio 5.5

Avance AC'97 Audio

AVG Free Edition

Canon MP Navigator 2.0

Canon MP150

Canon Utilities Easy-PhotoPrint

CardRd81

CCScore

CompuPic

CR2

Easy-WebPrint

EPoX Magic BIOS

EPoX Unified System Diagnostic Manager (USDM)

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSgui

ESShelp

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

ESSTUTOR

ESSvpaht

ESSvpot

Google Toolbar for Internet Explorer

GrammarPro!

Hijackthis 1.99.1

HijackThis 1.99.1

HLPIndex

HLPRFO

InCD (Ahead Software)

Intel Application Accelerator

InterVideo WinDVD

iPod for Windows 2006-03-23

iTunes

J2SE Runtime Environment 5.0 Update 6

Kodak EasyShare software

LimeWire 4.12.6

Live.0nline.Po rtal

LiveUpdate

Living Beaches Wallpaper #2

Microsoft Data Access Components KB870669

Microsoft Office XP Media Content

Microsoft Office XP Professional with FrontPage

Microsoft Plus! for Windows XP

Microsoft Publisher 2000

MSN Messenger 7.5

Multimedia keyboard driver Ver1.05

My Web Search (Cursor Mania)

Natural Color

Nelson Maths for Victoria - Grade 4

Nero

Netscape Communicator 4.77

Notifier

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE

OTtBP

OTtBPSDK

QuickTime

RealPlayer Basic

SANYO LD-ADPCM Audio CODEC uninstall

SANYO PC Memo Scriber

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

SFR

SHASTA

SKIN0001

SKINXSDK

Thinkers Keys

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

VPRINTOL

WheelMouse 3.11.0.007

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WIRELESS

Yahoo! Photos Easy Upload Tool 1v4

Yahoo! Toolbar

Link to post
Share on other sites

Hi LJK! Thanks for the logs, can you do the following pleae...

 

I don't see any indication of a Firewall in your HijackThis log. This may be because:

 

(1.) You are using Windows Firewall or a hardware Firewall.

(2.) You are using a Firewall of an unknown vendor.

(3.) You are using a Firewall, but it is disabled for unknown reasons

(4.) You don't use any firewall at all.

 

In the case you don't have a Firewall, please download one from the list below - They are Free!

 

Zone Alarm << I recommend this

Sunbelt Kerio PF

Outpost Firewall

 

=====

 

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

 

My Web Search (Cursor Mania)

 

Next, find and delete the following folder:

 

C:\Program Files\My Web Search << this folder

 

=====

 

Please Download NoLop to your desktop from one of the links below...

Link 1

Link 2

Link 3

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
    • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

       

      {5CF6DE82-E459-0269-2EB5-20B91EB95C46}

  • Now click the button labelled "Search and Destroy"

    <<your computer will now be scanned for infected files>>

  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- Edited by Trogan_1000
Link to post
Share on other sites
  • 2 weeks later...

Sorry to start a new post, but I haven't beeen able to find the old one. And when I click on my email link, I get a javascript error!! :hammer: Anyway I still have the annoying toolbar on the bottom of my screen. I have started to follow your directions, but when I try to download the firewall program, my server keeps cutting me off. :pullhair:

I was hoping you may be able to post those instructions for me again. It would be much appreciated. I have some time over the next two days to really work on it..

 

Topics merged.........Y

Edited by Y kawika
Link to post
Share on other sites

Thanks again for your help...

Here are the latest logs... :adios:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 1:41:40 PM, on 9/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program files\EPoX\USDM\USDM.EXE

C:\WINDOWS\mHotkey.exe

C:\WHEELM~1\wh_exec.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program files\EPoX\USDM\USDM.EXE" "5000"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe

O4 - HKLM\..\Run: [Trust Dead Help Win] C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead\Barb Soft.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: C:\DOCUME~1\MYPC~1\APPLIC~1\BALMNA~1\mix proxy love.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\Software\..\Telephony: DomainName = Q2961.wfix.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7EB2DC-0E74-4E2E-876F-632A6059918C}: NameServer = 203.2.75.132 198.142.0.51

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32

\nvsvc32.exe

 

 

Uninstall list

 

Ad-aware 6 Personal

Adobe Acrobat 5.0

Adobe Flash Player 9

ArcSoft PhotoStudio 5.5

Avance AC'97 Audio

AVG Free Edition

Canon MP Navigator 2.0

Canon MP150

Canon Utilities Easy-PhotoPrint

CardRd81

CCScore

CompuPic

CR2

Easy-WebPrint

EPoX Magic BIOS

EPoX Unified System Diagnostic Manager (USDM)

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSgui

ESShelp

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

ESSTUTOR

ESSvpaht

ESSvpot

Evil Islands

Google Toolbar for Internet Explorer

GrammarPro!

Hijackthis 1.99.1

HijackThis 1.99.1

HLPIndex

HLPRFO

InCD (Ahead Software)

Intel Application Accelerator

InterVideo WinDVD

iPod for Windows 2006-03-23

iTunes

J2SE Runtime Environment 5.0 Update 6

Kodak EasyShare software

LimeWire 4.12.6

Live.0nline.Po rtal

LiveUpdate

Living Beaches Wallpaper #2

Microsoft Data Access Components KB870669

Microsoft Office XP Media Content

Microsoft Office XP Professional with FrontPage

Microsoft Plus! for Windows XP

Microsoft Publisher 2000

MSN Messenger 7.5

Multimedia keyboard driver Ver1.05

Natural Color

Nelson Maths for Victoria - Grade 4

Nero

Netscape Communicator 4.77

Notifier

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE

OTtBP

OTtBPSDK

QuickTime

RealPlayer Basic

SANYO LD-ADPCM Audio CODEC uninstall

SANYO PC Memo Scriber

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

SFR

SHASTA

SKIN0001

SKINXSDK

Thinkers Keys

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VPRINTOL

WheelMouse 3.11.0.007

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WIRELESS

Yahoo! Photos Easy Upload Tool 1v4

Yahoo! Toolbar

Link to post
Share on other sites

Hi LJK,

 

While we work to solve your problem, please do not you any Peer2Peer programs to download, accept what I ask you to.

 

You need to get a Firewall as instructed in my last post. If you are having problems with one of them, try the next one. If you cannot install any, please let me know what happens i.e error messages?

 

=====

 

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

 

Live.0nline.Po rtal << I can't find any info on this so uninstall it, unless you know that it is safe

 

LiveUpdate << Belongs to Norton, which you do not have anymore. It can go!

 

Living Beaches Wallpaper #2 << Uninstall if you do not need this

 

=====

 

Delete the current NoLop program if you still have it, and lets redownload and start again.

 

Please Download NoLop to your desktop from one of the links below...

Link 1

Link 2

Link 3

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

     

    {5CF6DE82-E459-0269-2EB5-20B91EB95C46}

  • Now click the button labelled "Search and Destroy"

    <<your computer will now be scanned for infected files>>

  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log along with a fresh HijackThis log. Also post a new Uninstall list please.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
Link to post
Share on other sites

Hi LJK,

 

While we work to solve your problem, please do not you any Peer2Peer programs to download, accept what I ask you to.

 

You need to get a Firewall as instructed in my last post. If you are having problems with one of them, try the next one. If you cannot install any, please let me know what happens i.e error messages?

 

=====

 

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

 

Live.0nline.Po rtal << I can't find any info on this so uninstall it, unless you know that it is safe

 

LiveUpdate << Belongs to Norton, which you do not have anymore. It can go!

 

Living Beaches Wallpaper #2 << Uninstall if you do not need this

 

=====

 

Delete the current NoLop program if you still have it, and lets redownload and start again.

 

Please Download NoLop to your desktop from one of the links below...

Link 1

Link 2

Link 3

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

     

    {5CF6DE82-E459-0269-2EB5-20B91EB95C46}

  • Now click the button labelled "Search and Destroy"

    <<your computer will now be scanned for infected files>>

  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log along with a fresh HijackThis log. Also post a new Uninstall list please.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

 

 

 

have run nolop...unable to copy and paste the log as I keep getting runtime error 75, path file access error. avg keeps popping up too...

will install firewall and get back to you..regards and thanks.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:51:51 AM, on 9/30/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program files\EPoX\USDM\USDM.EXE

C:\WINDOWS\mHotkey.exe

C:\WHEELM~1\wh_exec.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program files\EPoX\USDM\USDM.EXE" "5000"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe

O4 - HKLM\..\Run: [Trust Dead Help Win] C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead\Barb Soft.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: C:\DOCUME~1\MYPC~1\APPLIC~1\BALMNA~1\mix proxy love.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\Software\..\Telephony: DomainName = Q2961.wfix.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7EB2DC-0E74-4E2E-876F-632A6059918C}: NameServer = 203.2.75.132 198.142.0.51

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

Ad-aware 6 Personal

Adobe Acrobat 5.0

Adobe Flash Player 9

ArcSoft PhotoStudio 5.5

Avance AC'97 Audio

AVG Free Edition

Canon MP Navigator 2.0

Canon MP150

Canon Utilities Easy-PhotoPrint

CardRd81

CCScore

CompuPic

CR2

Easy-WebPrint

EPoX Magic BIOS

EPoX Unified System Diagnostic Manager (USDM)

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSgui

ESShelp

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

ESSTUTOR

ESSvpaht

ESSvpot

Evil Islands

Google Toolbar for Internet Explorer

GrammarPro!

Hijackthis 1.99.1

HijackThis 1.99.1

HLPIndex

HLPRFO

InCD (Ahead Software)

Intel Application Accelerator

InterVideo WinDVD

iPod for Windows 2006-03-23

iTunes

J2SE Runtime Environment 5.0 Update 6

Kodak EasyShare software

LimeWire 4.12.6

Living Beaches Wallpaper #2

Microsoft Data Access Components KB870669

Microsoft Office XP Media Content

Microsoft Office XP Professional with FrontPage

Microsoft Plus! for Windows XP

Microsoft Publisher 2000

MSN Messenger 7.5

MSXML4 Parser

Multimedia keyboard driver Ver1.05

Natural Color

Nelson Maths for Victoria - Grade 4

Nero

Netscape Communicator 4.77

Notifier

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE

OTtBP

OTtBPSDK

QuickTime

RealPlayer Basic

SANYO LD-ADPCM Audio CODEC uninstall

SANYO PC Memo Scriber

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB925486)

SFR

SHASTA

SKIN0001

SKINXSDK

Theme Hospital

Thinkers Keys

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VPRINTOL

WheelMouse 3.11.0.007

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WIRELESS

Yahoo! Photos Easy Upload Tool 1v4

Yahoo! Toolbar

Link to post
Share on other sites

Hi LJK,

 

Please install a Firewall and post a new HijackThis log.

 

Then, download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.

Link to post
Share on other sites

Hi LJK,

 

Please install a Firewall and post a new HijackThis log.

 

Then, download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.

 

 

ok....here is the info finally.....I haven't seen that annoying toolbar today...hope it's gone... :)

 

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'Tune-up Application Start.job'

[TRACE] Printing all job properties

 

ApplicationName: 'walign'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'mleo'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 10/04/2006 9:00:00

StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 1

KillIfGoingOnBatteries = 1

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

8 Triggers

 

Trigger 0:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ...W...

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 09:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 1:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ...W...

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 14:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 2:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ...W...

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 19:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 3:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ...W...

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 23:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 4:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ......A

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 09:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 5:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ......A

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 14:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 6:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ......A

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 19:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 7:

Type: MonthlyDOW

Week: 1

DaysOfTheWeek: ......A

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 11/22/1997

EndDate: 00/00/0000

StartTime: 23:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Logfile of HijackThis v1.99.1

Scan saved at 11:40:32 AM, on 10/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program files\EPoX\USDM\USDM.EXE

C:\WINDOWS\mHotkey.exe

C:\WHEELM~1\wh_exec.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program files\EPoX\USDM\USDM.EXE" "5000"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe

O4 - HKLM\..\Run: [Trust Dead Help Win] C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead\Barb Soft.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: C:\DOCUME~1\MYPC~1\APPLIC~1\BALMNA~1\mix proxy love.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\Software\..\Telephony: DomainName = Q2961.wfix.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7EB2DC-0E74-4E2E-876F-632A6059918C}: NameServer = 203.2.75.132 198.142.0.51

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Q2961.wfix.com

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Link to post
Share on other sites

Hi LJK! Thanks for getting a Firewall...lets continue.

 

Open HijackThis

- Click the Do a system scan only button

- Check the following entries (below)

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

 

O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing)

 

O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file)

 

O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe

O4 - HKLM\..\Run: [Trust Dead Help Win] C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead\Barb Soft.exe

O4 - HKCU\..\Run: C:\DOCUME~1\MYPC~1\APPLIC~1\BALMNA~1\mix proxy love.exe

 

- Close ALL open windows (especially Internet Explorer!)

- Click Fix Checked

Close HiajckThis

 

=====

 

We need to view hidden files and folders:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
=====

 

Find and Delete the following:

 

C:\Documents and Settings\All Users\Application Data\interdebugfirstfind <-- This folder

C:\Documents and Settings\All Users\Application Data\Software Play Trust Dead <-- This folder

C:\Documents and Settings\MYPC~1\Application Data\BALMNA~1 <-- This folder (The folder starts with BALMNA)

 

=====

 

You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

 

Please download Ewido to your Desktop or to your usual Download Folder.

http://www.ewido.net/en/download/

  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.

    Note: If the Update now option is grayed out, follow the steps below.

  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update succesfull message.
[*]Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.

Ewido manual updates.

Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

 

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

 

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.

  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.

    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

      Posted Image

  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the Ewido log.
Link to post
Share on other sites

Hi LJK,

 

Please install a Firewall and post a new HijackThis log.

 

Then, download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.

 

YOU ARE BRILLIANT!!!! :clap:

 

The bloody annoying toolbar is gone from my computer and I can't thank you enough.

I posted yesterday with the logs you asked for but obviously I did something wrong and it isn't there..but it doesn't matter now. I now have a firewall in place and all is good....THANK YOU SO MUCH for all your advice...

You help was so much appreciated...you have no idea how mad I was going.

take care LJK :)

Link to post
Share on other sites

YOU ARE BRILLIANT!!!! :clap:

 

The bloody annoying toolbar is gone from my computer and I can't thank you enough.

I posted yesterday with the logs you asked for but obviously I did something wrong and it isn't there..but it doesn't matter now. I now have a firewall in place and all is good....THANK YOU SO MUCH for all your advice...

You help was so much appreciated...you have no idea how mad I was going.

take care LJK :)

[/quote

 

 

Just read your message...don't know what is going on with this computer. Didn't see that five minutes ago..oh well...I read your instructions...should I still go ahead even though the annoying tool bar is gone....??

Fell like a bit of a tool myself at the moment.. :rolleyes:

Link to post
Share on other sites

Hi LJK, I'm glad everything is working again.

 

I assume you have removed the HijackThis entries, and deleted the folders? If so, could you also run the Ewido scan please. It would remove any leftovers plus extra. :)

Link to post
Share on other sites

Hi LJK, I'm glad everything is working again.

 

I assume you have removed the HijackThis entries, and deleted the folders? If so, could you also run the Ewido scan please. It would remove any leftovers plus extra. :)

 

 

I haven't done that yet... will do as you said......thankyou so much for your help....you do this voluntarily and i appreciate your help so much... :clap:

Link to post
Share on other sites
×
×
  • Create New...