|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
April 19th, 2006, 03:41 AM
|
|||
|
|||
|
Limewire- Please Help!
Hello, I am fairly new to this forum. The other night, I downloaded something on limewire. Ever since then, I have had a mass of pop-ups, my external soundcard is not working, and limewire opens up automatically about once every 2 or 3 minutes instance after instance after instance. I cannot even get my internal sound card to work any more. I posted my Hijack This log on here to see if anyone can help? It would be greatly appreciated. Thanks.
Logfile of HijackThis v1.99.1 Scan saved at 10:28:26 PM, on 4/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\STOPzilla!\SZServer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Norton Personal Firewall\IAMAPP.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\outlook\outlook.exe C:\windows\mousepad11.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pfqatof. exe O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0. dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DirectX] C:\WINDOWS\Backup\DirectX.exe O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE O4 - HKLM\..\Run: [REMOVE ME] ascltt.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe O4 - HKLM\..\Run: [newname] C:\windows\newname11.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [yewcngdA] C:\WINDOWS\yewcngdA.exe O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [REMOVE ME] ascltt.exe O4 - HKCU\..\Run: [REMOVE ME] ascltt.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Omega ASIO Control Panel.lnk = C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinqrag.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-sp.htm O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-sp.htm O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ComcastHSI - {3AB55242-4F2D-4106-81B0-F9E8C2BBB623} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O9 - Extra button: Support - {B6CA8F90-E58D-4E19-8631-AAC5840F90F4} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: Help - {EBF5EBFA-E28B-4CE9-A9FA-E7A149FF5EC3} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105972832247 O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing) 
|
|
#2
April 19th, 2006, 05:13 AM
|
|||
|
|||
|
Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode.. Make sure to work through the fixes in the exact order its listed. ------------------------------------------------------------- Download any of the required programs before attempting to start any of the fixes. ------------------------------------------------------------------ Download the trial version of Ewido Security Suite When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu". Launch Ewido Security Suite (there should be an icon on your desktop doubleclick it). The program will now go to the main screen. You will need to update ewido to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido. http://www.ewido.net/en/download/updates/. Do not run a scan yet. When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts). Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite.Please post its log here. ---------------------------------------------------------------- Download FindQool, extract the files and place the FindQool folder in the root directory, usually thats C:\ Open that folder and run Qlocate.bat, post the text of that log back here please.. ---------------------------------------------------------------- SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive. Folders that have been highlighted RED will need to be uninstalled. ----------------------------------------------------------------------- Please start by going into SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc.Tools->Open Uninstall manager Zeno Search Assistant removal AWS SpyKiller winupdates ----------------------------------------------------------------- Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following exe file and click End Process for each one if they are listed. kwinqrag.exe ascltt.exe TESTING.EXE ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pfqatof. exe O4 - HKLM\..\Run: [DirectX] C:\WINDOWS\Backup\DirectX.exe O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE O4 - HKLM\..\Run: [REMOVE ME] ascltt.exe O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe O4 - HKLM\..\Run: [newname] C:\windows\newname11.exe O4 - HKLM\..\Run: [yewcngdA] C:\WINDOWS\yewcngdA.exe O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [REMOVE ME] ascltt.exe O4 - HKCU\..\Run: [REMOVE ME] ascltt.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinqrag.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s Also delete the following red folder/s C:\WINDOWS\system32\kwinqrag.exe C:\WINDOWS\system32\ascltt.exe C:\WINDOWS\system32\TESTING.EXE C:\WINDOWS\system32\pfqatof. exe C:\windows\keyboard11.exe C:\windows\mousepad11.exe C:\windows\newname11.exe C:\WINDOWS\yewcngdA.exe C:\PROGRAM FILES\AWS C:\Program Files\SpyKiller C:\Program Files\winupdates C:\Program Files\outlook ------------------------------------------------------------------- When finished please post a new log...... Last edited by Pancake; April 19th, 2006 at 05:22 AM.
|
|
#3
April 21st, 2006, 05:44 AM
|
|||
|
|||
|
Ok did all that. WOW! That was some type of work. I couldn't post the Ewido log. It found over 7000 infected files. After it cleaned up about 6500 files, it locked up and I had to do it again. It still wouldn't give me a log. As for the other logs, I have posted below. FindQlog first. HJT log second.
Fri 04/21/2006 Running from: C:\FindQool PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE. Known file names C:\WINDOWS\UNWN.EXE MD5 Check.... C:\WINDOWS\system32\txhvv.dat C:\WINDOWS\system32\nassjj.exe Files found with locate com. C:\WINDOWS\SYSTEM32\TXHVV.DAT C:\WINDOWS\SYSTEM32\NASSJJ.EXE Re-check using dir /a:-d C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup 04/05/2004 01:23 PM 794 Adobe Gamma Loader.exe.lnk ... HKEY_LOCAL_MACHINE\software\qstat HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\webnexus ... Runs, Listed here as a Doublecheck for the locate com results HKLM HKCU ... Files In Winlogon shell and userinit Listed here as a Doublecheck for the locate com results shell REG_SZ Explorer.exe userinit REG_SZ C:\WINDOWS\system32\userinit.exe,pfqatof.exe ... SWReg utility Written by Bobbi Flekman © 2005 Findqool edited 4/05/2006 Logfile of HijackThis v1.99.1 Scan saved at 12:40:40 AM, on 4/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\STOPzilla!\SZServer.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Norton Personal Firewall\IAMAPP.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\devldr32.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0. dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Omega ASIO Control Panel.lnk = C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-sp.htm O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-sp.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ComcastHSI - {3AB55242-4F2D-4106-81B0-F9E8C2BBB623} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {B6CA8F90-E58D-4E19-8631-AAC5840F90F4} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: Help - {EBF5EBFA-E28B-4CE9-A9FA-E7A149FF5EC3} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105972832247 O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing) I greatly appreciate all the help.
|
|
#4
April 21st, 2006, 05:45 AM
|
|||
|
|||
|
By the way, my pop ups are still worse than ever.
|
|
#5
April 21st, 2006, 07:15 AM
|
|||
|
|||
|
Download Pocket Killbox
Run Killbox and paste the full file path of each of the below files in the box and tick "Delete on Reboot". Next click on the button with the red circle and an X in the middle ("Delete file"). You will get a message saying "File will be deleted on next reboot" Click "Yes" and another : " Files will be removed on reboot. Do you want to reboot now ?" . Click "No" Click "Yes" after the last file and let the computer reboot. Please check "End Explorer Shell While Killing File" C:\WINDOWS\SYSTEM32\TXHVV.DAT C:\WINDOWS\SYSTEM32\NASSJJ.EXE C:\WINDOWS\system32\pfqatof.exe C:\WINDOWS\UNWN.EXE Let me know if the popups are still happening.
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Limewire | Panama65 | The Anything Else Board | 1 | January 16th, 2009 09:01 PM |
| LimeWire Help | Bob_G | Malware Removal | 11 | June 9th, 2006 03:38 AM |
| Limewire- Please Help! | seekeroftruth | Windows XP | 2 | April 19th, 2006 03:51 AM |
| Limewire | leigh86 | Malware Removal | 8 | January 18th, 2006 05:31 AM |
| limewire | stevemg | Windows XP | 1 | October 24th, 2005 09:38 AM |
All times are GMT +1. The time now is 04:49 AM.