Computer is acting weird [Solved]

edited August 2006 in Spyware & Virus Removal
Pop-ups, new icons on the desktop, unknown running process, the works.
I've tried to fix it all as much as I could, but I'm still missing a few things, any help is appreciated!
Thanks!
Here's the Hijackthis log --


Logfile of HijackThis v1.99.1
Scan saved at 3:46:18 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\dfndrad_5.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe
F2 - REG:system.ini: UserInit=userinit.exe,pougtaq.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77A587544293AC5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Again, thank you!

Comments

  • jmoney3457 Maine
    edited July 2006
    Hi Loot, yes you are quite infected, but first let's take care of the purity scan adware from the C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe entry... To remove it, please run the uninstaller from here --> http://www.outerinfo.com/OiUninstaller.exe, reboot, then post a new HJT log please, along with how the uninstalling went ;)
  • edited July 2006
    Hey, thank you so much!
    The uninstall went fine and here is the new hijackthis log:



    Logfile of HijackThis v1.99.1
    Scan saved at 5:35:08 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\outlook\outlook.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe
    F2 - REG:system.ini: UserInit=userinit.exe,pougtaq.exe
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • jmoney3457 Maine
    edited July 2006
    k loot very good, no problem.. now could you please do this for me... go to http://virusscan.jotti.org/ and upload
    C:\WINDOWS\system32\fsndi.exe and allow it to scan, and copy/paste the results in your next reply :cool:
  • edited July 2006
    Alright, hopefully this is what you wanted:


    File: fsndi.exe

    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    MD5 34927efd7594648462bb18e713ada55f

    Packers detected:
    ASPACK

    Scanner results

    AntiVir
    Found Trojan/Dldr.Qoolog.bj.3

    ArcaVir
    Found Trojan.Downloader.Qoologic.Bj

    Avast
    Found Win32:Qoologic-AI

    AVG Antivirus
    Found Downloader.Generic.ZIV

    BitDefender
    Found Trojan.Downloader.Qoologic.BC

    ClamAV
    Found nothing

    Dr.Web
    Found Trojan.Qoologic

    F-Prot Antivirus
    Found W32/Downloader.SJB

    Fortinet
    Found W32/Qoologic.BJ!tr.dldr

    Kaspersky Anti-Virus
    Found Trojan-Downloader.Win32.Qoologic.bj

    NOD32
    Found Win32/TrojanDownloader.Qoologic.BJ

    Norman Virus Control
    Found W32/Qoologic.HW

    UNA
    Found TrojanDownloader.Win32.Qoologic

    VirusBuster
    Found Trojan.DL.Qoologic.AI

    VBA32
    Found Trojan-Downloader.Win32.Qoologic.bj


    Thanks!
  • jmoney3457 Maine
    edited July 2006
    ah the qoologic infection.. loot, please follow the instructions outlined here --> http://www.short-media.com/forum/showthread.php?t=47766 & when finished please return with the qoologic fix logfile and new HJT log :wink:
  • edited July 2006
    Ok - here is the qoofix log file:

    Qoofix v1.02 by http://www.malwarebytes.org
    Scan started on [7/16/2006] at [10:06:10 PM]
    Terminated module: uqwyacc.dll found in Qoofix.exe (3384)
    Terminated module: uqwyacc.dll found in wscntfy.exe (1012)
    Terminated module: uqwyacc.dll found in ojwyjt.exe (1000)
    Terminated module: uqwyacc.dll found in explorer.exe (1796)
    Terminated module: uqwyacc.dll found in fsndi.exe (1960)
    Terminated module: uqwyacc.dll found in fsndi.exe (460)
    Terminated module: uqwyacc.dll found in fsndi.exe (420)
    Terminated module: uqwyacc.dll found in wuauclt.exe (536)
    Terminated module: uqwyacc.dll found in CFD.exe (2012)
    Terminated module: uqwyacc.dll found in ybrwicon.exe (244)
    Terminated module: uqwyacc.dll found in MotiveSB.exe (2052)
    Terminated module: uqwyacc.dll found in ycommon.exe (2116)
    Terminated module: uqwyacc.dll found in outlook.exe (2160)
    Terminated module: uqwyacc.dll found in daemon.exe (2188)
    Terminated module: uqwyacc.dll found in qttask.exe (2252)
    Terminated module: uqwyacc.dll found in FilmLoop.exe (2300)
    Terminated module: uqwyacc.dll found in Updater.exe (2320)
    Terminated module: uqwyacc.dll found in v1201.exe (2432)
    Terminated module: uqwyacc.dll found in aim.exe (2536)
    Terminated module: uqwyacc.dll found in RegistryRepairPro.exe (2568)
    Terminated module: uqwyacc.dll found in svchostsys.exe (2628)
    Terminated module: uqwyacc.dll found in CoolKill.exe (2812)
    Terminated module: uqwyacc.dll found in Ymsgr_tray.exe (3000)
    Terminated module: uqwyacc.dll found in mpbtn.exe (3040)
    Terminated module: uqwyacc.dll found in AOLacsd.exe (2644)
    Terminated module: uqwyacc.dll found in MSOHELP.EXE (392)
    Terminated module: uqwyacc.dll found in win41.tmp.exe (2968)
    Terminated module: uqwyacc.dll found in firefox.exe (2776)
    Terminated module: uqwyacc.dll found in explorer.exe (3812)
    C:\WINDOWS\system32\fsndi.exe will be deleted on reboot!
    C:\WINDOWS\system32\ojwyjt.exe will be deleted on reboot!
    C:\WINDOWS\system32\pougtaq.exe will be deleted on reboot!
    C:\WINDOWS\system32\thlcu.dat will be deleted on reboot!
    C:\WINDOWS\system32\uqwyacc.dll will be deleted on reboot!
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hriap.exe will be deleted on reboot!

    User prompted YES to reboot, system now rebooting...
    Scan COMPLETED SUCCESSFULLY on [7/16/2006] at [10:07:55 PM]

    Note: Some registry keys may have been removed.






    And here is the hijackthis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:05 PM, on 7/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\system32\ismon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\dfndrad_5.exe
    C:\WINDOWS\v1201.exe
    C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    C:\Program Files\Common Files\svchostsys\svchostsys.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



    You rock :Rocker:
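
An added example (not part of any post in this thread, and not HijackThis or Qoofix code): comparing the HijackThis log posted before the Qoofix run with the one posted after it shows which startup entries the fix removed and which are still present for follow-up. The embedded logs are abridged from the 5:35 PM and 10:13 PM logs above; the function names and review heuristics are this example's assumptions, and a listed reason is a prompt to look at the entry, not a verdict on it.

```python
import re
from typing import NamedTuple

# Abridged from the 5:35 PM (before Qoofix) and 10:13 PM (after Qoofix) logs in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe
F2 - REG:system.ini: UserInit=userinit.exe,pougtaq.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "F2", "O4", "O20"
    body: str  # remainder of the line, verbatim


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Matches registry autoruns such as: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"HK\w+\\\.\.\\\w+: \[.*?\] (.+)")


def parse_entries(log_text):
    """Return the coded entries (R0, F2, O4, ...) of a log, skipping headers and process lists."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare lower-cased.
    return (entry.code, entry.body.lower())


def diff_logs(before_text, after_text):
    """Split entries into removed / added / remaining between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
        "remaining": [e for e in after if _key(e) in before_keys],
    }


def review_reasons(entry):
    """Structural reasons (assumed heuristics) to look at an entry more closely."""
    reasons = []
    if entry.body.endswith("(file missing)"):
        reasons.append("entry points at a file that no longer exists")
    if entry.code == "F2" and "=" in entry.body:
        value = entry.body.split("=", 1)[1]
        if len([p for p in value.split(",") if p.strip()]) > 1:
            reasons.append("Shell/UserInit starts an extra program at logon")
    if entry.code == "O20" and entry.body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs are loaded into every process that loads user32.dll")
    if entry.code == "O4":
        m = RUN_RE.match(entry.body)
        if m and "\\" not in m.group(1):
            reasons.append("autorun command gives no directory path")
    return reasons


def follow_up(before_text, after_text):
    """Entries still present (or new) after the fix that carry a review reason."""
    result = diff_logs(before_text, after_text)
    present = {_key(e) for e in result["added"] + result["remaining"]}
    flagged = []
    for entry in parse_entries(after_text):  # keep the log's own order
        reasons = review_reasons(entry)
        if _key(entry) in present and reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    changes = diff_logs(BEFORE_LOG, AFTER_LOG)
    for entry in changes["removed"]:
        print("REMOVED  ", entry.code, "-", entry.body)
    for entry in changes["added"]:
        print("ADDED    ", entry.code, "-", entry.body)
    for entry, reasons in follow_up(BEFORE_LOG, AFTER_LOG):
        print("REVIEW   ", entry.code, "-", entry.body)
        for reason in reasons:
            print("           *", reason)
```
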
  • jmoney3457 Maine
    edited July 2006
    good job w/ the qoo fix now if you could please do this for me..
    Please run the BitDefender online scan from here; http://www.bitdefender.com/scan8/ie.html
    You will need to allow an active x install for the scan to run.
    Leave the scanning options at default and press "click here to scan"
    When finished scanning, click on "click here to export the scan report"
    Save it to your desktop, at "file name" type in "bdscan" then click save.
    Please attach the bdscan.html file to your next post along with a new hijackthis log.
  • edited July 2006
    Alright, this BitDefender has been scanning for FOREVER and I just wanted to check if it's alright that it's taking so long :)

    Scan time so far is over 37 hours
    Files: 246915 out of 199913

    It will give me an estimated time, which is about a third of what it really is. And as soon as it hits zero, it goes back up to a new time of like 5 hours or something.
    It has found a lot of things though and many things have been deleted or disinfected.

    Just checking - is it alright that it's taking this long?
  • jmoney3457 Maine
    edited July 2006
    hi loot, yes it is normal esp. lately, I've read on some other forums that for some strange *unknown* reason bitdefender's online scan is taking many many times longer than the estimated given time, and yes it's a slower scanner than some other online AV scans but it's VERY good and as you've said it's detected a lot of "nasties" :wink: so yes please let it finish. I do apologize for the extended wait time... you by no means hafta just sit there and watch it scan, you'd go mad :smiles: lol at least I would, but yes please let it finish and follow the instructions on how to attach it etc :thumbsup:
  • yogi_bear Gloucester, United Kingdom
    edited July 2006
    Sorry to be a proper "newbie" here and maybe state the obvious, but wouldn't it be much quicker to simply back up your stuff, re-format the hard drive and start again? Surely this would not take longer than the 36-hours and counting of the virus scan? I reformat my hard disk at least 4 times a week!

    Beast Regards

    Steve
  • edited July 2006
    Hmmm Yogi - I have no idea. I've never reformatted, so I have no idea how to do so and back up things properly, etc.

    As for the scanning ---

    Yeah, I figured out why scanning was taking so long. It was trying to scan a virtual drive I had created and forgot about :) My bad.

    So I tried to stop it just because I couldn't figure anything else to do, since it seemed stuck. And it just sorta stopped working, as in it just froze up. I eventually just had to close it altogether.
    So I don't have any scan report to give to you.
    Here's the HijackThis log though now:


    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:23 PM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\system32\ismon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\svchostsys\svchostsys.exe
    C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\TEMP\winBA8.tmp.exe
    C:\WINDOWS\TEMP\win3B7.tmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • jmoney3457 Maine
    edited July 2006
    LootSubu42 wrote:
    Yeah, I figured out why scanning was taking so long. It was trying to scan a virtual drive I had created and forgot about My bad.
    Ohhh OK, that's fine loot, but could you please re-do the scan, only before starting the scan go into the options and uncheck that virtual drive, then try it again and attach the log as html as I said in my previous post. Thanks! Because it's important I see what it found :bigggrin:
    *note* to change what area of your PC it scans under this options-->
    SCANNING OPTIONS  
    Select what you want to check for viruses  
    By default, your entire computer will be checked for viruses and other threats. To scan just some of your folders, click here.  
    
    Click where it says "click here" and uncheck that virtual drive, then continue as normal from my prev. post on how to do the BitDefender scan. Good luck :thumbup
  • edited July 2006
    I am going on a camping trip this weekend - and will do this when I get back!
    Thanks!
  • jmoney3457 Maine
    edited July 2006
    LootSubu42 wrote:
    I am going on a camping trip this weekend - and will do this when I get back!
    Thanks!
    Have fun, I'll be here :)
  • edited July 2006
    Hmmm, I dunno
    I unclicked the virtual drive and the scan went fine, but when it was done, it just simply shut down Internet Explorer (can't do it on Firefox, so that's what I'm using), so I couldn't tell it to export the scan results. It's done it twice now - any suggestions?
  • jmoney3457 Maine
    edited July 2006
    Hmm, yes, that is weird. I recall that may have happened to me once on my own PC, but I'm not 100% sure. Anyway, let's try another (use Explorer for this one) --> Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
      • edited July 2006
        Alright - here's the result of the scan - thanks for the patience, I've been busy lately!



        KASPERSKY ON-LINE SCANNER REPORT
        Saturday, July 29, 2006 3:22:29 AM
        Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
        Kaspersky On-line Scanner version: 5.0.78.0
        Kaspersky Anti-Virus database last update: 29/07/2006
        Kaspersky Anti-Virus database records: 209747

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        A:\
        C:\
        D:\
        E:\
        F:\
        G:\
        H:\
        I:\
        J:\
        K:\
        L:\
        M:\
        N:\
        O:\

        Scan Statistics:
        Total number of scanned objects: 212772
        Number of viruses found: 43
        Number of infected objects: 145
        Number of suspicious objects: 5
        Duration of the scan process: 02:34:24

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\Owner\Local Settings\Temp\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
        C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr80B1 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\Documents and Settings\Owner\Local Settings\Temp\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
        C:\Documents and Settings\Owner\Local Settings\Temp\VVSNInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C0IJPX6P\ff3[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
        C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IUP8DQOT\anti4[1].exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped
        C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IUP8DQOT\anti4[1].exe Embedded EXE: infected - 1 skipped
        C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QX2N9D37\new[1].htm Infected: Constructor.Perl.Msdds.b skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\AudioConverter\Audio_Conversion_Wizard_Crack.zip/acw.exe Suspicious: Packed.Win32.PePatch.dk skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\AudioConverter\Audio_Conversion_Wizard_Crack.zip ZIP: suspicious - 1 skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe WiseSFX: infected - 2 skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
        C:\Documents and Settings\Owner\My Documents\ADAM\OiUninstaller.exe NSIS: infected - 1 skipped
        C:\Documents and Settings\Owner\My Documents\Tyler1\ZwinkySetup2.2.50.0.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
        C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspicious: Packed.Win32.PePatch.dk skipped
        C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip/Audio_Conversion_Wizard_Crack.zip Suspicious: Packed.Win32.PePatch.dk skipped
        C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip ZIP: suspicious - 2 skipped
        C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\Program Files\BearShare\BearShareZangoInstaller.exe CAB: infected - 1 skipped
        C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 2 skipped
        C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
        C:\Program Files\Common Files\Μіcrosoft.NET\nеtdde.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\Program Files\HijackThis\backups\backup-20060715-115829-240.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
        C:\Program Files\HijackThis\backups\backup-20060715-115829-895.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
        C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe WiseSFX: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe WiseSFX Dropper: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015974.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015975.exe Infected: not-a-virus:AdWare.Win32.EliteBar.ba skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe WiseSFX: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe WiseSFX Dropper: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe WiseSFX: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe WiseSFX Dropper: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe WiseSFX: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe WiseSFX Dropper: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe WiseSFX: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe WiseSFX Dropper: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038145.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038145.exe CAB: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe WiseSFX: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe WiseSFX Dropper: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038318.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038324.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038324.exe CAB: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038601.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038601.exe CAB: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe WiseSFX: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe WiseSFX Dropper: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038621.dll Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038622.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038625.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe WiseSFX: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe WiseSFX Dropper: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe WiseSFX: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe WiseSFX Dropper: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038996.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038997.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe NSIS: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039197.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039202.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039230.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039231.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039234.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039235.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039237.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039238.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039239.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039240.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039241.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039242.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039243.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039244.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039247.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039251.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039252.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039253.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039255.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039256.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039258.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039259.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039353.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039371.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe NSIS: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039386.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039386.exe NSIS: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039390.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039392.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039400.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039402.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039403.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039404.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039405.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041461.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe CAB: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041464.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041521.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041526.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041529.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041540.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041555.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041567.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041567.exe CAB: infected - 1 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe WiseSFX: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe WiseSFX Dropper: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041592.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041647.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041810.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041811.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041951.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe NSIS: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe NSIS: infected - 2 skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041959.dll Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
        C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0042113.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
        C:\WINDOWS\system32\msconfig.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
        C:\WINDOWS\system32\nodeipproc.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
        C:\WINDOWS\system32\pmnkjii.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped
        C:\WINDOWS\system32\repairs302972955.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
        C:\WINDOWS\system32\ssttt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped

        Scan process completed.


      • jmoney3457 Maine
        edited July 2006
        loot, before we continue, I STRONGLY recommend you uninstall bearshare as it comes bundled with spyware, where half your problems are probably coming from. If you have music files on bearshare, make a new folder somewhere else on your PC (desktop, my documents etc) and save all the music and any other media files from bearshare you want to keep, then after doing that uninstall bearshare via add/remove programs, then reboot (even if it doesn't ask you to at the end of the uninstallation), then let me know so we can proceed or if you decide to keep it (which I strongly recommend against).
      • edited July 2006
        Yeah, that's definitely fine. I wasn't even aware that Bearshare was still on my computer - I thought I'd gotten rid of that a while ago.
        By your next post, I will have it removed.
      • jmoney3457 Maine
        edited July 2006
        no problem loot! now let's take care of virtumonde, please follow these directions:
        Please download VundoFix.exe to your desktop.
        • Double-click VundoFix.exe to run it.
        • Put a check next to Run VundoFix as a task.
        • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
        • When VundoFix re-opens, click the Scan for Vundo button.
        • Once it's done scanning, click the Remove Vundo button.
        • You will receive a prompt asking if you want to remove the files, click YES
        • Once you click yes, your desktop will go blank as it starts removing Vundo.
        • When completed, it will prompt that it will shutdown your computer, click OK.
        • Turn your computer back on.
        • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
      • edited August 2006
        Alrighty, Bearshare is gone.
        Where to next?
      • edited August 2006
        Wait - nevermind, I didn't see the second page of this thread :)
        My bad - let me do the thing in your last post hahaha
        Sorry for the wait - I'm stupid
      • jmoney3457 Maine
        edited August 2006
        LootSubu42 wrote:
        Wait - nevermind, I didn't see the second page of this thread :)
        My bad - let me do the thing in your last post hahaha
        Sorry for the wait - I'm stupid
        lol no prob m8, you're not stupid, happens to the best of us :)
      • edited August 2006
        Hmmm, whenever I check "Run VundoFix as a task." it says it will open again in a minute or less.
        But...it never does.
        Should I just do the normal scan or what?
      • jmoney3457 Maine
        edited August 2006
        yes, for some strange reason it does that especially recently I've seen..but yes just run it as scan and post log :)
      • edited August 2006
        VundoFix V5.1.6

        Checking Java version...

        Java version is 1.5.0.6

        Scan started at 12:09:29 AM 8/4/2006

        Listing files found while scanning....

        C:\windows\system32\pmnkjii.dll
        C:\windows\system32\ssttt.dll
        C:\windows\system32\tttss.ini
        C:\windows\system32\tttss.bak2
        C:\windows\system32\tttss.ini2
        C:\windows\system32\tttss.tmp

        Beginning removal...

        The process smss.exe was successfully stopped

        The process winlogon.exe was successfully stopped

        The process explorer.exe was successfully stopped

        The process iexplore.exe was successfully stopped

        The process rundll32.exe was successfully stopped

        Attempting to delete C:\windows\system32\pmnkjii.dll
        C:\windows\system32\pmnkjii.dll Has been deleted!

        Attempting to delete C:\windows\system32\ssttt.dll
        C:\windows\system32\ssttt.dll Has been deleted!

        Attempting to delete C:\windows\system32\tttss.ini
        C:\windows\system32\tttss.ini Has been deleted!

        Attempting to delete C:\windows\system32\tttss.bak2
        C:\windows\system32\tttss.bak2 Has been deleted!

        Attempting to delete C:\windows\system32\tttss.ini2
        C:\windows\system32\tttss.ini2 Has been deleted!

        Attempting to delete C:\windows\system32\tttss.tmp
        C:\windows\system32\tttss.tmp Has been deleted!

        Performing Repairs to the registry.
        Done!




        ~~~~~~~~~~~~~~~


        Logfile of HijackThis v1.99.1
        Scan saved at 12:23:57 AM, on 8/4/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5346.0005)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Softex\OmniPass\Omniserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\BroadJump\Client Foundation\CFD.exe
        C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\PROGRA~1\Yahoo!\browser\ycommon.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
        C:\Program Files\AIM\aim.exe
        C:\Program Files\Common Files\AOL\1130981484\ee\aolsoftware.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\Program Files\OutLoud\CoolKill\CoolKill.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\Program Files\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
        F2 - REG:system.ini: UserInit=userinit.exe
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
        O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)
        O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
        O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [winlog] winlog.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
        O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
        O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
        O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981484\ee\AOLHostManager.exe
        O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
        O4 - HKLM\..\RunServices: [winlog] winlog.exe
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
        O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
        O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
        O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
        O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
        O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
        O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
        O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
        O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
        O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE




        How's it looking? :)
      • jmoney3457 Maine
        edited August 2006
        good job on the vundo! now please do a system scan only in HJT (make sure no windows are open during this fix except for HJT itself) and fix *check* these lines:
        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
        O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)
        O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)

        then reboot and post new hjt log please:) ...also loot do you know this program C:\Program Files\OutLoud\CoolKill\CoolKill.exe ?
      • edited August 2006
        Alright, 'tis done.

        Logfile of HijackThis v1.99.1
        Scan saved at 6:16:56 PM, on 8/4/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5346.0005)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Softex\OmniPass\Omniserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\BroadJump\Client Foundation\CFD.exe
        C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        C:\PROGRA~1\Yahoo!\browser\ycommon.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
        C:\Program Files\Common Files\AOL\1130981484\ee\aolsoftware.exe
        C:\Program Files\AIM\aim.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
        F2 - REG:system.ini: UserInit=userinit.exe
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
        O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [winlog] winlog.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
        O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
        O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
        O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981484\ee\AOLHostManager.exe
        O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
        O4 - HKLM\..\RunServices: [winlog] winlog.exe
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
        O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
        O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
        O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
        O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
        O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
        O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
        O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
        O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
        O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



        ~~~~~~~~~

        Yeah, I know the CoolKill program, it's fine. See, my CTRL+ALT+DELETE doesn't work anymore, so I needed something to get rid of apps if they were to freeze up. That's what CoolKill does for me - so no problems there :)
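Added example (not part of the thread, and not code from HijackThis or its authors): a Python check that compares the two 8/4 HijackThis logs to confirm that the three entries jmoney3457 asked to fix are gone, and lists the "(file missing)" / "(no file)" entries that are still present afterwards. The log excerpts are copied from the posts above; the function and variable names are made up for this example.

```python
import re

# One HijackThis entry per line: "<section id> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the file an entry points at is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)

# Excerpt of the log saved at 12:23:57 AM on 8/4/2006 (before the fix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:23:57 AM, on 8/4/2006
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)
O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the log saved at 6:16:56 PM on 8/4/2006 (after the fix and reboot).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:16:56 PM, on 8/4/2006
Running processes:
C:\WINDOWS\System32\smss.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# The three lines the helper asked to have checked and fixed.
REQUESTED_FIXES = [
    r"R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)",
    r"O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)",
    r"O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)",
]


def parse_entries(log_text):
    """Return {comparison_key: entry_text} for every R/F/O entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header line, running-process path or blank line
        section, body = m.group(1), " ".join(m.group(2).split())
        # Case-fold the key so "C:\windows" and "C:\WINDOWS" compare equal.
        entries[(section, body.casefold())] = f"{section} - {body}"
    return entries


def still_present(requested_lines, after_log):
    """Requested fixes that still appear in the follow-up log."""
    after = parse_entries(after_log)
    wanted = parse_entries("\n".join(requested_lines))
    return [text for key, text in wanted.items() if key in after]


def removed_between(before_log, after_log):
    """Entries listed in the first log but not in the second."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return sorted(text for key, text in before.items() if key not in after)


def orphaned(log_text):
    """Entries that still reference a file HijackThis could not find."""
    return sorted(t for t in parse_entries(log_text).values() if ORPHAN_RE.search(t))


if __name__ == "__main__":
    print("Requested fixes still present:", still_present(REQUESTED_FIXES, AFTER_LOG))
    print("Removed since previous log:")
    for entry in removed_between(BEFORE_LOG, AFTER_LOG):
        print("  ", entry)
    print("Orphaned entries remaining:")
    for entry in orphaned(AFTER_LOG):
        print("  ", entry)
```

A clean comparison only shows that the entries are no longer listed; the orphaned entries that remain still need a person to decide what each one is.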
      • jmoney3457 Maine
        edited August 2006
        oh ok it's fine then but when you said this
        LootSubu42 wrote:
        See, my CTRL+ALT+DELETE doesn't work anymore
        do you know what makes your ctrl alt del not function anymore?
      • edited August 2006
        *shrug*
        It's actually been like this for a while - I think something got screwed up and I just never figured out how to fix it. Originally, it wouldn't let me into regedit or anything like that either, but I finally did correct that.
        But Ctrl-Alt-Delete is something I've never been able to fix and every time I search for a way to fix it, I just end up getting more confused and unsure of what to do.
        So I just CoolKill, because it's basically task manager in a different form.
        I do remember a while ago reading something that pointed to me having a virus that had shut that function down (ctrl-alt-delete), so I did some things and got rid of the virus, but the computer never returned to the way it was.
        Hope that's an answer of sorts. :)
      This discussion has been closed.