Still need help with b.exe Removal!

Computing.Net > Forums > Security and Virus > Still need help with b.exe Removal!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Still need help with b.exe Removal!

Name: aDcOoL
Date: December 22, 2006 at 20:04:28 Pacific
OS: Windows XP
CPU/Ram: 192

Comment:

I posted about a problem I was having a while ago, and I received help, but I'm still having problems, and my thread is now almost at the bottom of the list, and I've noticed that I haven't gotten any replies for a while...so could someone please help me with this? This is an EXTREMELY annoying virus and I would LOVE if anybody could help me get rid of it. Thank you very much.
http://www.computing.net/security/w...

Sponsored Link

Ads by Google

Response Number 1

Name: jboy
Date: December 22, 2006 at 20:17:07 Pacific

Reply:

"I've noticed that I haven't gotten any replies for a while.."
As of December 1st, further logs were requested - 17 days later, you complied - although during that lull, another poster seems to have taken over the thread (and those should have been reported & removed)
Probably you should have PM'd or alerted jabuck that you were willing to continue - hopefully he will see this new message
I'm not one of those who think Bill Gates is the devil. I simply suspect that if Microsoft ever met up with the devil, it wouldn't need an interpreter

Response Number 2

Name: aDcOoL
Date: December 22, 2006 at 20:22:33 Pacific

Reply:

The reason it took me "17 days" to reply is because that freaking virus scan kept getting canceled...sometimes one of my family members would just shut off the computer, or they would log me off and go on their accounts. It took me about 10 attempts to finally go thru a whole virus scan to find no viruses. :P

Response Number 3

Name: jboy
Date: December 22, 2006 at 20:28:46 Pacific

Reply:

Well... whatever. I'd consider that an unreasonable length of time to expect a helper to track a post, although 'mileage may vary' (personally, I give up after 3 days, often less)
shoulda made the effort and let him know that you'd returned - oh well, I'm sure if he's available he'll continue
I'm not one of those who think Bill Gates is the devil. I simply suspect that if Microsoft ever met up with the devil, it wouldn't need an interpreter

Response Number 4

Name: jabuck
Date: December 22, 2006 at 22:20:55 Pacific

Reply:

Please go to the following link and run the istbar removal tool:
Istbar Removal Tool
Then post a new Hijack This log and a new combofix log.

Response Number 5

Name: aDcOoL
Date: December 23, 2006 at 06:35:00 Pacific

Reply:

It scanned my whole computer and then said it couldn't find it.

mysqld-nt.exe vlc http streaming wuauclt.exe	b.exe qttask.exe b.exe removal
See More

Response Number 6

Name: jabuck
Date: December 23, 2006 at 06:38:47 Pacific

Reply:

Ok, now for the other two logs...we need fresh ones.

Response Number 7

Name: aDcOoL
Date: December 23, 2006 at 06:41:07 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 9:40:45 AM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\iolo\SYSTEM~1\SysMech6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assis...
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/gam...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/Ima...
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.endeavors.com/microsoft/encarta_rl/clientdownloads/OTAI.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB880ED9-EE84-48FA-BA05-3BE098007701}: NameServer = 67.69.184.235,67.69.184.84
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

Response Number 8

Name: aDcOoL
Date: December 23, 2006 at 07:09:27 Pacific

Reply:

Adam - 06-12-23 9:43:44.71 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Adam\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))))))

2006-12-20 16:04 <DIR> d-------- C:\Program Files\SWiSHzone.com FLV Filter
2006-12-17 20:04 <DIR> d-------- C:\Program Files\Ares
2006-12-16 20:55 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-09 14:19 <DIR> d-------- C:\Program Files\ConTEXT
2006-12-07 20:57 <DIR> d-------- C:\Documents and Settings\Adam\DoctorWeb
2006-12-07 20:13 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-07 20:13 <DIR> d-------- C:\Program Files\Grisoft
2006-12-03 14:04 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-11-29 16:01 1,692 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-29 15:52 <DIR> d-------- C:\Program Files\Hijackthis

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-23 09:39 -------- d-------- C:\Documents and Settings\Adam\Application Data\uTorrent
2006-12-23 08:29 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-22 22:36 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-12-21 16:15 -------- d-------- C:\Program Files\PSP Brew
2006-12-20 16:40 -------- d-------- C:\Documents and Settings\Adam\Application Data\SWiSHvideo
2006-12-20 16:05 -------- d-------- C:\Program Files\SWiSHvideo2
2006-12-15 19:38 -------- d-------- C:\Program Files\MSN Messenger
2006-12-14 07:17 -------- d-------- C:\Program Files\Internet Explorer
2006-12-14 07:12 -------- d-------- C:\Program Files\Outlook Express
2006-12-10 21:21 -------- d-------- C:\Documents and Settings\Adam\Application Data\Image Zone Express
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-26 15:36 -------- d-------- C:\Program Files\StepMania
2006-11-20 17:05 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-20 16:20 -------- d-------- C:\Program Files\iolo
2006-11-19 14:56 -------- d-------- C:\Program Files\ESET
2006-11-19 12:35 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-11-19 12:35 299392 --a------ C:\WINDOWS\system32\imon.dll
2006-11-19 12:35 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2006-11-19 11:39 -------- d-------- C:\Program Files\BFG
2006-11-16 14:05 -------- d-------- C:\Program Files\MSN Games
2006-11-13 19:52 -------- d-------- C:\Program Files\EasyJob Resume Builder
2006-11-11 15:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-11 15:48 -------- d-------- C:\Program Files\mobile PhoneTools
2006-11-10 21:35 -------- d-------- C:\Program Files\Luxor Mahjong
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 20:09 -------- d-------- C:\Program Files\Adobe
2006-11-02 12:39 -------- d-------- C:\Program Files\Phantasia
2006-11-02 12:38 -------- d-------- C:\Program Files\ReflexiveArcade
2006-11-01 21:36 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-10-29 17:48 -------- d-------- C:\Program Files\TextAloud
2006-10-29 17:47 -------- d-------- C:\Program Files\ScreenFlash
2006-10-29 17:42 -------- d-------- C:\Program Files\No-IP
2006-10-29 17:39 -------- d-------- C:\Program Files\Java
2006-10-25 21:56 -------- d-------- C:\Program Files\Kodak
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\Program Files\\Mozilla Firefox\\plugins\\GetFlash.exe -p"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PowerStrip"="c:\\program files\\powerstrip\\pstrip.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6d,01,00,00,00,00,00,00,93,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,b6,01,00,00,00,00,00,00,4a,02,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,b6,01,00,00,00,00,00,00,4a,02,00,00,00,03,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b1,00,00,00
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b1,00,00,00
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adam^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Adam\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.exe "
"item"="Adobe Gamma"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.exe "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HFS-PSPortal.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HFS-PSPortal.lnk"
"backup"="C:\\WINDOWS\\pss\\HFS-PSPortal.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Hfs\\hfs.exe "
"item"="HFS-PSPortal"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.exe -h"
"item"="Kodak EasyShare software"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\KODAK Software Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\BACKWE~1.exe "
"item"="KODAK Software Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.exe -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Kristy\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freedom]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Freedom"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zero Knowledge\\Freedom\\Freedom.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pstrip"
"hkey"="HKLM"
"command"="c:\\program files\\powerstrip\\pstrip.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP2ConnPatcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sp2connpatcher"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\SP2 Connection Patcher\\sp2connpatcher.exe\" -n=200"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Versato"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\USB_Kbd\\Versato.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="etsgw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\etsgw.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\WebReg psc 1400 series.job
Completion time: 06-12-23 9:59:30.78
C:\ComboFix.txt ... 06-12-23 09:59
C:\ComboFix2.txt ... 06-12-18 22:16
C:\ComboFix3.txt ... 06-11-30 21:19

Response Number 9

Name: jabuck
Date: December 23, 2006 at 09:01:25 Pacific

Reply:

How many accounts are on the computer? Does everyone log in the same way are do you have different passwords?
Untill we get the computer clean we need to uninstall some programs if they are installed. Go to start> control panel> add/remove programs and uninstall these programs if found:
MessengerPlus3
LimeWire
ISTsvc
Big Fish Games Toolbar
Reboot into safe mode
Turn off realtime protection in AVG Anti-Spyware:

Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
Reply 'no' and set it to 'inactive' for the duration of your cleanup.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Run Hijack This and remove these items:
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
Exit Hijack This but remain in safe mode.
Navigate to and delete the files if found:
C:\Program fies\LimeWire\LimeWire.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\etsgw.exe
navigate to and delete thes folders if found:
C:\Program fies\LimeWire
C:\Program Files\MessengerPlus! 3
C:\Program Files\ISTsvc
Open notepad (Start Menu > Run > Type notepad and press "ok".
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program File]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Post a new Hijack This log an a new combofix log please.

Sponsored Link

Ads by Google

Problem with Winfixer

Ez to use free firewall

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Still need help with b.exe Removal!

need help with searchv.com

Summary

www.computing.net/answers/security/need-help-with-searchvcom/6859.html

How do I remove Nail.exe from PC

Summary

www.computing.net/answers/security/how-do-i-remove-nailexe-from-pc/16467.html

hacked by find4u.net, need help

Summary

www.computing.net/answers/security/hacked-by-find4unet-need-help/11676.html

From the Geek Dictionary
Hard Drive - A hard drive is where your data is stored. The hard drive is the primary st...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
automatic shut down

excel formulas

Help me... :'(

Wordpad + Paint have gone standalone

DirectX 5?!?!

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE