Big Problem

Name: kwoody
Date: February 4, 2006 at 07:56:46 Pacific
OS: XP HOME EDITION
CPU/Ram: 256mb
Comment:

Hey everyone, I am a newbie so don't expect me to know much about computers. I have been having this problem now for ages and I need to get it fixed as it disrupts my gameplay. The screenshot shows it; this pops up about every 10 to 15 mins, 2 at a time. Can anyone help me please? The screenshot is attached.


Thanks for any help in advance.
Kyle




Response Number 1
Name: kwoody
Date: February 4, 2006 at 07:58:59 Pacific
Reply:

Sry here is the screenshot
[img]http://www.ifsd.ie/forum/aspThumb.asp?fileName=popup%[/img]



Response Number 2
Name: jabuck
Date: February 4, 2006 at 08:10:59 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 3
Name: kwoody
Date: February 4, 2006 at 08:17:06 Pacific
Reply:

Cheers here
Logfile of HijackThis v1.99.1
Scan saved at 16:16:10, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\kernels32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\kernels32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels32.exe
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com
O15 - Trusted Zone: www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098731009296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB6E7BF-876D-4715-BE70-337A4831922A}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Response Number 4
Name: jabuck
Date: February 4, 2006 at 08:58:05 Pacific
Reply:

Run HT again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels32.exe

O4 - HKLM\..\Run: [vmcleaner] gxlib.exe

O4 - HKLM\..\Run: [vmlib] vmlib.exe

O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\RunServices: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe

O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels32.exe

Next reboot into safe mode. Shut the computer down, wait 30 seconds, press the start button and immediately start pressing F8 at about 1 second intervals. You should get an option screen; choose safe mode then follow the prompts.

Once in safe mode navigate to and delete these files if found:

C:\WINDOWS\system32\kernels32.exe

C:\WINDOWS\system32\gxlib.exe

C:\WINDOWS\system32\vmlib.exe

C:\WINDOWS\system32\smsc.exe

C:\WINDOWS\system32\windowsupdate.exe

C:\WINDOWS\kernels32.exe

C:\WINDOWS\gxlib.exe

C:\WINDOWS\vmlib.exe

C:\WINDOWS\smsc.exe

C:\WINDOWS\windowsupdate.exe

Reboot into normal mode, download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into safe mode and run Ewido.

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.

Please reboot into normal mode and post the ewido log and a new HT log.




0
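The selection jabuck made by eye in Response Number 4 can be approximated mechanically. The following is an added example, not code posted in the thread or shipped with HijackThis: it parses the F2 and O4 lines of a HijackThis log and flags autoruns that use a bare file name, share one image across several entries, or ride on the Winlogon shell line. The function names, the heuristics and the small launcher allowlist are assumptions made for this example; the sample lines are excerpted from the log in Response Number 3.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section key name image")

# Excerpt of the HijackThis log posted in Response Number 3 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

# Assumption for this example: launchers that are normally started by bare name.
KNOWN_BARE_LAUNCHERS = {"rundll32", "rundll32.exe"}

O4_REG = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<key>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<cmd>.*)$", re.I)
IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll|cpl))(?=\s|,|$)", re.I)


def image_of(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take what is inside
        return cmd[1:].split('"', 1)[0]
    parts = cmd.split()
    if not parts:
        return ""
    if "\\" not in parts[0]:                # bare name such as gxlib.exe
        return parts[0]
    m = IMAGE.match(cmd)                    # unquoted path that may hold spaces
    return m.group(1) if m else parts[0]


def parse_autoruns(log):
    """Yield one Entry per F2 shell extra and per O4 autorun line."""
    for line in log.splitlines():
        line = line.strip()
        m = F2_SHELL.match(line)
        if m:
            parts = m.group("cmd").split(None, 1)
            if parts and parts[0].lower() == "explorer.exe":
                extra = parts[1] if len(parts) > 1 else ""
            else:
                extra = m.group("cmd")      # shell replaced outright
            if extra.strip():
                yield Entry("F2", "system.ini", "Shell", image_of(extra))
            continue
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            yield Entry("O4", m.group("key"), m.group("name"),
                        image_of(m.group("cmd")))


def triage(log):
    """Return (entry name, image, reasons) for every entry that trips a check."""
    entries = list(parse_autoruns(log))
    counts = Counter(e.image.lower() for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if e.section == "F2":
            reasons.append("extra program on the Winlogon shell line")
        if "\\" not in e.image and e.image.lower() not in KNOWN_BARE_LAUNCHERS:
            reasons.append("bare file name, no directory")
        if counts[e.image.lower()] > 1:
            reasons.append("same image registered %d times" % counts[e.image.lower()])
        if reasons:
            findings.append((e.name, e.image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print("%-20.20s %-40s %s" % (name, image, "; ".join(reasons)))
```

An entry with a full path and a single registration, such as the P.S.Guard line in this log, passes all three checks, so the output is a starting list for review and not a verdict.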

Response Number 5
Name: kwoody
Date: February 4, 2006 at 09:04:25 Pacific
Reply:

Cheers, I will do that now.



Response Number 6
Name: kwoody
Date: February 5, 2006 at 02:31:11 Pacific
Reply:

Thank you again here is the HT log;
Logfile of HijackThis v1.99.1
Scan saved at 10:26:44, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com
O15 - Trusted Zone: www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098731009296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB6E7BF-876D-4715-BE70-337A4831922A}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here is the ewido log;

ewido anti-malware - Scan report


+ Created on: 01:03:47, 05/02/2006
+ Report-Checksum: FF45C831

+ Scan result:

HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Local Settings\Temporary Internet Files\Content.IE5\M32JU5EV\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Local Settings\Temporary Internet Files\Content.IE5\M32JU5EV\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Local Settings\Temporary Internet Files\Content.IE5\SD492Z89\istdownload[1].exe -> Downloader.IstBar.ne : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@ads1.revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter14.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter15.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter3.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter4.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter6.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter8.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@counter9.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wfkokgdjkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wfkoohczkhp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wfmigodjikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wjkygmdzekq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wjlokid5ibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@e-2dj6wjnygmajmdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@ehg-esa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@ehg-kodak.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@highbeam.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@qantasairways.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@sel.as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@server.lon.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kyle_2\Cookies\kyle_2@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temp\Del80.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Hijackthis\backups\backup-20060127-224612-896.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Hijackthis\backups\backup-20060127-224612-908.dll -> Spyware.WinAD : Cleaned with backup
C:\Hijackthis\backups\backup-20060127-224613-279.dll -> Downloader.WebP2PInstaller : Cleaned with backup
C:\Hijackthis\backups\backup-20060127-224614-154.dll -> Downloader.IstBar : Cleaned with backup
C:\Hijackthis\backups\backup-20060127-224615-256.dll -> Downloader.IstBar : Cleaned with backup
C:\lo-2003311482.exe -> Downloader.Agent.ws : Cleaned with backup
C:\Program Files\Admilli Service\AdmilliComm.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Altnet -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\Download Manager -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\Download Manager\asmps.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\CMEII\CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\CMESys.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GAppMgr.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GController.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GDwldEng.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GIocl.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GIoclClient.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GMTProxy.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GObjs.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GStore.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GStoreServer.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\Gtools.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\egIEEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GMT.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GUninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\update -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\update\optimize314.exe -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\PrecisionTime\PrecisionTime.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Save -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\Save\SaveUninst.exe -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\Win Comm\WinComm.exe -> Spyware.WinComm : Cleaned with backup
C:\RECYCLER\S-1-5-21-2210005112-2695072642-2419647484-1010\Dc23.dll -> Downloader.Keenval.k : Cleaned with backup
C:\RECYCLER\S-1-5-21-2210005112-2695072642-2419647484-500\Dc1.exe -> Trojan.LowZones.cu : Cleaned with backup
C:\RECYCLER\S-1-5-21-2210005112-2695072642-2419647484-500\Dc2.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\lc.exe -> Adware.BetterInternet : Cleaned with backup
C:\temp\msbbhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\web.exe -> Trojan.LowZones.cu : Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dba1104.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dba1733.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gba870.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0009.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll -> Spyware.Yahoo : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\jao.dll -> Logger.Briss.h : Cleaned with backup
C:\WINDOWS\system32\P2P Networking -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\taskman.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\system32\TFTP2180 -> Backdoor.Rbot.15 : Cleaned with backup
C:\WINDOWS\system32\vx.tll -> Adware.SpySheriff : Cleaned with backup


::Report End

Thanks for any help in advance.



Response Number 7
Name: jabuck
Date: February 5, 2006 at 05:04:14 Pacific
Reply:

Looks like I missed one.

Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe Do not run it yet.

Open the file and it will extract itself to a new folder called SmitRem.

Reboot into safe mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.


Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Run HT again, close all windows and browsers except HT, place a check to the left of this item if found and press "fix checked":

O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe

Run Ewido again and post the results.



Response Number 8
Name: kwoody
Date: February 5, 2006 at 13:39:25 Pacific
Reply:

Ok I will do this but it will be tomorrow



Response Number 9
Name: kwoody
Date: February 8, 2006 at 09:22:36 Pacific
Reply:

Sorry for the delay, I am very busy at the minute.
Thank you

