#1
Alright, so I've read around a bit and it seems that there are various solutions. I'm running regular Windows Vista. Ctrl Alt Del doesn't work...right click doesn't work. When I search for Taskmgr.exe it says it's been disabled by the Administrator. What can I do?

#2
Vista is different to XP. Right click the taskbar, then click task manager.
__________________
My System: Hybr!d

#3
I right clicked the task bar and it's grayed out. However I searched around a bit and I found a site with a direct link to my Reged and it gave me the warnings and then I just exited out because I had no idea what I was doing. Afterwards out of curiosity I checked the task bar and it wasn't grayed out. I restarted my computer (to make sure it wasn't a temporary thing) and for some weird reason when the screen to log in would come up...it said press Ctrl Alt Del to log in. I don't understand what happened.

#4
Here's my Hijackthis log

#6
Before putting up anything I want to note that when I went to run the Online scan it would not let me... it said something about not having permission.
When I looked in my Add/Remove hardware, these are some of the things I found a little suspicious or that I knew nothing about.
MSXML 4.0 SP2
My Search Bar
muvee autoProducer 5.0
Smart Video Codec v1.6

SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/05/2008 at 07:32 PM
Application Version : 3.9.1008
Core Rules Database Version : 3374
Trace Rules Database Version: 1369
Scan type : Complete Scan
Total Scan Time : 01:23:02
Memory items scanned : 712
Memory threats detected : 1
Registry items scanned : 8254
Registry threats detected : 122
File items scanned : 60434
File threats detected : 12

Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:58 PM, on 12/23/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13628 bytes |

#7

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

MySearch bar
Seekmo
Viewpoint

Close control panel.

Click start/run and type services.msc into the run box and press the enter key. When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key. Click on the processes tab and end process for (if there).

ViewpointService.exe
launcher.exe
SeekmoSA.exe
OEAddOn.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} - C:\Windows\blopenvxdt.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\Windows\system32\fastRX.dll (file missing)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} - C:\Windows\retnsrp.dll
O4 - HKLM\..\Run: [kpx] C:\Windows\system32\rundll32.exe C:\Windows\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O21 - SSODL: leorop - {38CA8AE4-A78E-4111-8D0E-BDDF145A5040} - C:\Windows\leorop.dll
O21 - SSODL: nopzet - {9543D4D7-3E5B-4B70-BB93-83AC9865627C} - C:\Windows\nopzet.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on the fix checked button. Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\Viewpoint <Delete the entire folder.
C:\Windows\nopzet.dll
C:\Windows\leorop.dll
%WINDIR%\SMINST\launcher.exe
C:\Program Files\Seekmo <Delete the entire folder.
C:\Windows\system32\fastRX.dll
C:\Windows\retnsrp.dll
C:\Program Files\MySearch <Delete the entire folder.
C:\Windows\blopenvxdt.dll

Reboot into normal mode and rehide your protected OS files.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Post the Combofix log as well as a fresh HJT log.

Regards Howard.
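The kind of triage that produces a fix list like the one in the post above, as an added example that is not part of Howard's post or of HijackThis. The three heuristics and the `UNWANTED` name list are assumptions chosen for illustration; the sample entries are copied from the log and fix list on this page.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Entries copied from the HijackThis log and fix list on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} - C:\Windows\blopenvxdt.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\Windows\system32\fastRX.dll (file missing)
O4 - HKLM\..\Run: [kpx] C:\Windows\system32\rundll32.exe C:\Windows\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O21 - SSODL: leorop - {38CA8AE4-A78E-4111-8D0E-BDDF145A5040} - C:\Windows\leorop.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Product names the helper asked to uninstall; supplied by the analyst.
UNWANTED = ("seekmo", "mysearch", "viewpoint")
# Sections whose DLLs are loaded into Explorer or Internet Explorer.
SHELL_SECTIONS = {"O2", "O3", "O21"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.I)

def triage(log_text, unwanted=UNWANTED):
    entries = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if m:
            entries.append((m.group(1), m.group(2), PATH_RE.findall(m.group(2))))
    # Paths HijackThis itself reported as absent from disk.
    missing = {normcase(p) for _, body, paths in entries
               if "(file missing)" in body for p in paths}
    findings = []
    for section, body, paths in entries:
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned registration")
        elif any(normcase(p) in missing for p in paths):
            reasons.append("launches a file reported missing")
        if section in SHELL_SECTIONS and any(
                normcase(dirname(p)) == r"c:\windows" for p in paths):
            reasons.append("shell-loaded DLL directly in C:\\Windows")
        if any(name in body.lower() for name in unwanted):
            reasons.append("named unwanted product")
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", "; ".join(reasons), "|", body)
```

The `NvCplDaemon` entry is left alone even though it also starts through `RUNDLL32.EXE`, while `kpx` is flagged only because the DLL it loads is the one another entry marks as missing.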

#8

Man I have bad timing. I just found out how to run the online scan. I'm running it right now as we speak. Do you still want me to do as you said?

#9

Forget the online scan for now, just follow the instructions I have given you.
Regards Howard.

#10

When I try to run Combofix I get the blue window but then it says preparing to run, then Out of Memory OR access violation, and then I get another pop up saying "Freeware implementation of REG.EXE has stopped working" and it forces me to close down the program. Do you want me to post the HJT log?
I apologize for all this trouble. Wait a second, I don't know how but now it's working. I'm going to run it.