Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
14 Posts
Discussion Starter #1
My Ctrl Alt Delete is not working. I found a few programs on free anti-virus programs that were called like taskkill.exe, and tasklist (or something like that) but when I went to look for it where it said it was so I could delete it, it was not there. Anyway, my "Complete" folder is getting flooded with like 1400 movie and exe files. My Norton isn't finding these and neither is S&D.

What here do I need to "Fix"?


Logfile of HijackThis v1.99.1
Scan saved at 1:56:38 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Common Files\AOL\1128030415\ee\AOLSoftware.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
E:\Temporary Internet Files\Content.IE5\U9URKXI3\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128030415\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.4.0.41/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.0.41/pool2/pool-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.0.41/mlslots/mlslots-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.0.41/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.41/poppit2/poppit2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squares/squares-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/spider/spider-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.4.0.41/stax/stax-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.0.41/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.0.41/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127920543086
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
6,574 Posts
Run HJT and fix:

O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe


Delete the following folder and file:

C:\Program Files\MsMovies\
winlogi.exe << Search and delete.


Reboot the computer.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log". Please double-click that log and copy the entire contents and paste them in your next post.

Perform an online scan in Internet Explorer with Panda ActiveScan

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please provide:
1 - A New HJT log
2 - Antispyware.log
3 - Panda ActiveScan results.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #3 (Edited)
C:\Program Files\MsMovies\

Isn't in the Program Files Folder. If I type it up manually I get what's in that folder. Can I just delete those two things in the MsMovies folder? or how do I have to delete the entire folder?
 

·
Registered
Joined
·
6,574 Posts
JasonMac said:
C:\Program Files\MsMovies\

Isn't in the Program Files Folder. If I type it up manually I get what's in that folder. Can I just delete those two things in the MsMovies folder? or how do I delete the entire folder?
What I'm asking is for you to delete the folder MsMovies, and the file winlogi.exe when you find it, wherever you find it.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #5
I got into the folder but can't delete the folder from the Program Files folder. I get into the MsMovies folder and I do a properties on it and it is a Read Only and Hidden Folder. It won't let me take it off of Hidden so I can delete it.
 

·
Registered
Joined
·
6,574 Posts
Did you uninstall MsMovies from Add/Remove first?

Complete the instructions and we'll tackle any problems after.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #7
Well it wasn't in the "Add/Remove" programs. But deleting what was in the folder fixed the ctrl alt delete. I am going through the final step now and will be posting all three reports for you just to double check again anyway in about 5 or 10 minutes. Thanks so far.

Also while I am thinking about it. I was forced to uninstall Limewire because it kept opening up. I'd exit and it would open up again. So I uninstalled it. I am sure once this is cleared up it will stop doing that too, but just thought I would mention it while it crossed my mind.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #8
Logfile of HijackThis v1.99.1
Scan saved at 4:01:11 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\1128030415\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
E:\Temporary Internet Files\Content.IE5\DB0D5ISW\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128030415\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.4.0.41/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.0.41/pool2/pool-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.0.41/mlslots/mlslots-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.0.41/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.41/poppit2/poppit2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squares/squares-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/spider/spider-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.4.0.41/stax/stax-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.0.41/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.0.41/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127920543086
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Started Scanning
Internet Cookies
Found 'com.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning



Incident Status Location

Adware:adware/savenow No disinfected Windows Registry
Virus:W32/Gaobot.KQS.worm Disinfected C:\oo.exe
Adware:Adware/IST.YourSiteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\02D81FA6-193A-4887-8B7F-752C4F\A2FAB26F-439B-48FA-8104-81A8FE
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP28\A0010189.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP28\A0010224.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP29\A0010262.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP30\A0011222.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP31\A0011385.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP32\A0011774.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP33\A0012044.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP33\A0013043.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP34\A0013113.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP35\A0014136.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP35\A0015098.exe
Virus:W32/Gaobot.KQS.worm Disinfected C:\WINDOWS\system32\winlogi.exe
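
A way to check a follow-up HijackThis log against the first one after fixing entries, added here as an example and not part of the original thread or of HijackThis. It compares the O4 registry autoruns by value name across every key, so a copy of a fixed entry under a different key (here `RunServices`) is reported; the log excerpts are lines copied from the two logs posted above, and the function names are made up for this illustration.

```python
import re
from collections import namedtuple

# One registry autorun entry from an O4 line (hypothetical helper type).
Autorun = namedtuple("Autorun", "key name cmd")

# HijackThis registry autorun line: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Excerpt of the first log in this thread (before the fix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Excerpt of the second log in this thread (after the fix and reboot).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


def parse_o4(log_text):
    """Return the set of registry autorun entries found on O4 lines.

    Startup-folder lines ("Global Startup: x.lnk = ...") have no [name]
    part and are skipped on purpose.
    """
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add(Autorun(m["key"], m["name"], m["cmd"]))
    return entries


def check_fix(before_log, after_log, fixed_names):
    """Compare two logs and report what happened to the fixed value names.

    removed  - autoruns present before and gone afterwards
    added    - autoruns that only appear in the follow-up log
    residual - autoruns in the follow-up log whose value name is one of
               the names that were meant to be fixed, under any key
    """
    before, after = parse_o4(before_log), parse_o4(after_log)
    wanted = {n.lower() for n in fixed_names}
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "residual": sorted(e for e in after if e.name.lower() in wanted),
    }


if __name__ == "__main__":
    result = check_fix(LOG_BEFORE, LOG_AFTER, ["MsMovies", "virtual-ie"])
    for label in ("removed", "added", "residual"):
        print(label.upper())
        for e in result[label]:
            print(f"  {e.key}: [{e.name}] {e.cmd}")
```

Matching on the value name rather than the full line is what surfaces the `RunServices` entry, since the fix list in this thread named only the `Run` key.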
 

·
Registered
Joined
·
6,574 Posts
Please download CleanUp! (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

=============================================

Your log is clean. Well done

Do you have any more problems with your computer? If not, you should be set to go.

However, there still remain a few bits of housekeeping ...

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Clear Java Cache
  1. Click Start >Settings>Control Panel
  2. Click the Java Plugin Icon
  3. Click the Cache tab
  4. Click the Clear button and click OK to confirm
Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

Follow the instructions outlined here to clear Sun Java's cache.


Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
 