Computer behaving badly...
I am trying to clean all the junk off of a laptop I inherited & am still having problems.
I went through the Adaware, Spybot & Ewido steps & computer still isn't acting right.
When booting in safe mode, it runs fairly well, but when booting in normal mode, everything hangs.
I can't force quit & eventually get to the point of having to shut the power off.
I might add that if I boot in safe mode with networking, I'm still getting pop-up ads out of nowhere!
I have enclosed my hijackthis & ewido logs below.
Any help appreciated!
Thanks-
ewido anti-malware - Scan report
+ Created on: 1:27:58 PM, 4/15/2006
+ Report-Checksum: 371C0A98
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1532886375-1754454779-3683679437-500\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1532886375-1754454779-3683679437-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[704] C:\WINDOWS\system32\ubat.dll -> Adware.Look2Me : Error during cleaning
[868] C:\WINDOWS\system32\ubat.dll -> Adware.Look2Me : Error during cleaning
C:\WINDOWS\system32\oqffilt.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cmusk.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\mrxml3a.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MMC71ESP.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mbxparhd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nsmsapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\NLCMPS.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fp2o03f3e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e2200cfmef2a0.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r8r60i9se8.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\xNJXCINFXBP.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\198_150_ni_3.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\sys02217641220.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\keyboard10.exe -> Downloader.Adload.am : Cleaned with backup
C:\WINDOWS\mousepad10.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINDOWS\newname10.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\ac2_0009.exe -> Downloader.Small.cpu : Cleaned with backup
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C9I2FTZ2\198_150_i_3[1].abc -> Downloader.Agent.wd : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Temporary Internet Files\Content.IE5\EX2V4JKL\mousepad11[1].exe -> Hijacker.VB.mo : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Temporary Internet Files\Content.IE5\IZSJUXO7\!update-3595[1].0000 -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Temporary Internet Files\Content.IE5\IZSJUXO7\newname11[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Temporary Internet Files\Content.IE5\W52F092V\keyboard11[1].exe -> Backdoor.VB.ary : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHERO96B\413_615[1].exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\loadadv640.exe -> Downloader.Harnig.bc : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\mmxp2passion.exe -> Downloader.VB.sh : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\!update.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\i256.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temp\f321002687.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\6S9BBQDF\loadex[1].exe -> Downloader.Agent.aie : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\6S9BBQDF\drsmartload[1].exe -> Downloader.Adload.ap : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\6S9BBQDF\keyboard10[1].exe -> Downloader.Adload.am : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\6S9BBQDF\optimize[1].exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\6S9BBQDF\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\7D4W9WDW\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\7D4W9WDW\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\newname10[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\!update-3620[1].0000 -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\ac2_0009[1].exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\ac2_0003[1].exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1NQE6FM9\drsmartload45a[1].exe -> Downloader.Adload.an : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.web-stat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@c.enhance[3].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@c.goclick[4].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@stats1.reliablestats[4].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\cat\Cookies\cat@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Program Files\ѕеcurity\services.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Program Files\Norton AntiVirus\Savrt\0298NAV~.TMP -> Downloader.Qoologic.bj : Cleaned with backup
C:\w.exe -> Downloader.Agent.aie : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\413_615.exe -> Trojan.Small : Cleaned with backup
::Report End
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of HijackThis v1.99.1
Scan saved at 3:48:59 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mywty.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtexjdf.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{CF-F7-79-9C-ZN}] c:\windows\system32\dwdsregt.exe CORN002
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab
O20 - AppInit_DLLs: iniwin32.dll,"
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\lv8609lse.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab
O20 - AppInit_DLLs: iniwin32.dll,"
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\lv8609lse.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Comments
Please download Look2Me-Destroyer to your desktop.
Disconnect your PC from the internet!
- Double-click Look2Me-Destroyer.exe to run it.
- Put a check next to Run this program as a task.
- You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
- When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
- Once it's done scanning, click the Remove L2M button.
- You will receive a Done Scanning message, click OK.
- When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
- Your computer will then shut down.
- Turn your computer back on.
- Re-connect back to the internet.
- Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.