|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
07-23-2006, 04:19 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 11
OS: Windows XP
|
Very Slow PC, "pic009.com" infested possible trojan, hijacker, virus??
Hello,
I have a Toshiba A75-s206 that runs pretty slow after some hours of usage(a bout two hrs). I have DSL but sometimes pages take a long time to load. Also, when working with office documents, and I want to switch to another application (web browser), the computer lags for ever and ever and ever. I've also noticed that it takes about three minutes just to reload in the begining, and sometimes shut down takes a while as well. One additional problem that's been going on is that the sound doesn't work, it seems the sound drivers do not load up at start-up, and the sound also fails when I get svshost. error messages. I've done all the steps 1-5 on the main page and here's the log. I hope you guys can help me get my laptop back on track :-) :-) :-) Jose R Logfile of HijackThis v1.99.1 Scan saved at 4:08:12 PM, on 7/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\cplmcm.exe C:\WINDOWS\Explorer.EXE C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Antivirus\CAVRID.exe C:\Program Files\Yahoo!\Antivirus\CAVTray.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Washer\washer.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\RssReader\RssReader.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\toshiba\ivp\ism\ivpsvmgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_75bf.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Core Library - {E9C1FD9A-46B0-4185-84ED-E2F8ACD4A262} - C:\WINDOWS\System32\KDP31d9.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_75bf.dll" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [sFEQ3Fe] rouoci.exe O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\WINDOWS\..\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP31d9.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109456582\ee\AOLHostManager.exe O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_75bf.dll" O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [dox4RPKsX] rasimap.exe O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .thp: C:\Program Files\Internet Explorer\Plugins\NPLM32.DLL O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/downloa...Downloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VET Message Service (VetMsgNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WKSSVC (Windows Kernel System Service) - Unknown owner - C:\WINDOWS\cplmcm.exe |
|
     |
| Sponsored Links |
|
07-24-2006, 07:08 PM
|
#3 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Hello and welcome to TSF!
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please be patient with me during this time.
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.  UNITE/ASAP: Proud member since 2006 |
|
|
|
|
07-25-2006, 10:36 AM
|
#4 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Hello carganegativa18,
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Multiple Antivirus I see you have two or more antivirus programs installed. Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I highly recommend you remove all but one of them using the Add/Remove Programs in the Control Panel. Unhide Files Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK. Download CleanUp! Download and install CleanUp! but do not run it yet. WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp! WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it. Download Ewido Please download, install, and update Ewido Anti-Spyware.
Submit For Analysis Please find the following file (via Start > Search) and submit the following file to Jotti File Scan: C:\WINDOWS\cplmcm.exeAt the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit". When it is finished, please copy the information listed under "Service" and "Scanner Results" into Notepad and save it on your Desktop so you can paste it with your next reply. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): SafeGuard Protect PCShield Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.phpPlease remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Folders/Files if they still exist: C:\Program Files\SafeGuard Protect PCShieldFind the following two files via Start > Search and delete them. rasimap.exe Run CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Run Ewido
Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan.
With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
New Fresh Logs
Looks like more malware has decided to take up residence on your computer since we last spoke. There's a lot to do, so make sure you read over everything and feel free to ask me any questions if you have any.
and select alcanshorty.bfu
Question: Programs are not in Add/Remove but...
Fresh logs Part I
