Jump to content

Recommended Posts

Getting messages on opening files with media player gomplayer and some streaming sites, running XP so there should be no program compatibility assistant to begin with. The popups take me to a payed site for a codex with i'm obviously not planning to do...

plz help me, here's my log, already ran some walware removal etc but nothing positive came out:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:01, on 10-05-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\windows\system32\svchost.exe

C:\windows\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\windows\System32\alg.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\WgaTray.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\windows\system32\svchost.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

C:\Program Files\HP\HP Software Update\HPWUCli.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Program Files\hijack\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: the blinkx toolbar - {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll

O2 - BHO: The blinkx Toolbar - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: The blinkx Toolbar - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "F:\fear2\Steam.exe" -silent

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [blinkx_toolbar] "C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe" -startservice

O4 - HKCU\..\Run: [igndlm.exe] H:\space\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NCProTray.lnk = ?

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vea.vlaanderen.be/dana-cached/setup...perSetupSP1.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)

O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1ca0cb29f56f58e) (gupdate1ca0cb29f56f58e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: (no name) - http://www.wow-europe.com/shared/wow-com/i...elves/thumb.jpg

--

End of file - 12455 bytes

Link to post
Share on other sites

Hello Clayke! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.

  • Open HijackThis, click Config, click Misc Tools
  • Click Open Uninstall Manager
  • Click Save List (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Link to post
Share on other sites

Thx in advance for the help Borislav, here's the result of what you asked me:

Ad-Aware SE Personal

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Reader 9.3 - Nederlands

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

AsusUpdate

AVS DVD Player version 2.3

Beveiligingsupdate for Windows Media Player 10 (KB917734)

Beveiligingsupdate for Windows Media Player 10 (KB936782)

Beveiligingsupdate for Windows XP (KB923689)

Beveiligingsupdate for Windows XP (KB941569)

Beveiligingsupdate voor Windows Media Player (KB911564)

Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)

Beveiligingsupdate voor Windows XP (KB890046)

Beveiligingsupdate voor Windows XP (KB893756)

Beveiligingsupdate voor Windows XP (KB896358)

Beveiligingsupdate voor Windows XP (KB896422)

Beveiligingsupdate voor Windows XP (KB896423)

Beveiligingsupdate voor Windows XP (KB896424)

Beveiligingsupdate voor Windows XP (KB896428)

Beveiligingsupdate voor Windows XP (KB899587)

Beveiligingsupdate voor Windows XP (KB899589)

Beveiligingsupdate voor Windows XP (KB899591)

Beveiligingsupdate voor Windows XP (KB900725)

Beveiligingsupdate voor Windows XP (KB901017)

Beveiligingsupdate voor Windows XP (KB901214)

Beveiligingsupdate voor Windows XP (KB902400)

Beveiligingsupdate voor Windows XP (KB904706)

Beveiligingsupdate voor Windows XP (KB905414)

Beveiligingsupdate voor Windows XP (KB905749)

Beveiligingsupdate voor Windows XP (KB905915)

Beveiligingsupdate voor Windows XP (KB908519)

Beveiligingsupdate voor Windows XP (KB908531)

Beveiligingsupdate voor Windows XP (KB911562)

Beveiligingsupdate voor Windows XP (KB911567)

Beveiligingsupdate voor Windows XP (KB911927)

Beveiligingsupdate voor Windows XP (KB912812)

Beveiligingsupdate voor Windows XP (KB912919)

Beveiligingsupdate voor Windows XP (KB913446)

Beveiligingsupdate voor Windows XP (KB913580)

Beveiligingsupdate voor Windows XP (KB914388)

Beveiligingsupdate voor Windows XP (KB914389)

Beveiligingsupdate voor Windows XP (KB916281)

Beveiligingsupdate voor Windows XP (KB917159)

Beveiligingsupdate voor Windows XP (KB917344)

Beveiligingsupdate voor Windows XP (KB917422)

Beveiligingsupdate voor Windows XP (KB917953)

Beveiligingsupdate voor Windows XP (KB918118)

Beveiligingsupdate voor Windows XP (KB918439)

Beveiligingsupdate voor Windows XP (KB918899)

Beveiligingsupdate voor Windows XP (KB919007)

Beveiligingsupdate voor Windows XP (KB920213)

Beveiligingsupdate voor Windows XP (KB920214)

Beveiligingsupdate voor Windows XP (KB920670)

Beveiligingsupdate voor Windows XP (KB920683)

Beveiligingsupdate voor Windows XP (KB920685)

Beveiligingsupdate voor Windows XP (KB921398)

Beveiligingsupdate voor Windows XP (KB921503)

Beveiligingsupdate voor Windows XP (KB921883)

Beveiligingsupdate voor Windows XP (KB922616)

Beveiligingsupdate voor Windows XP (KB922760)

Beveiligingsupdate voor Windows XP (KB922819)

Beveiligingsupdate voor Windows XP (KB923191)

Beveiligingsupdate voor Windows XP (KB923414)

Beveiligingsupdate voor Windows XP (KB923694)

Beveiligingsupdate voor Windows XP (KB923980)

Beveiligingsupdate voor Windows XP (KB924191)

Beveiligingsupdate voor Windows XP (KB924270)

Beveiligingsupdate voor Windows XP (KB924496)

Beveiligingsupdate voor Windows XP (KB924667)

Beveiligingsupdate voor Windows XP (KB925454)

Beveiligingsupdate voor Windows XP (KB925486)

Beveiligingsupdate voor Windows XP (KB925902)

Beveiligingsupdate voor Windows XP (KB926255)

Beveiligingsupdate voor Windows XP (KB926436)

Beveiligingsupdate voor Windows XP (KB927779)

Beveiligingsupdate voor Windows XP (KB927802)

Beveiligingsupdate voor Windows XP (KB928090)

Beveiligingsupdate voor Windows XP (KB928255)

Beveiligingsupdate voor Windows XP (KB928843)

Beveiligingsupdate voor Windows XP (KB929123)

Beveiligingsupdate voor Windows XP (KB929969)

Beveiligingsupdate voor Windows XP (KB930178)

Beveiligingsupdate voor Windows XP (KB931261)

Beveiligingsupdate voor Windows XP (KB931768)

Beveiligingsupdate voor Windows XP (KB931784)

Beveiligingsupdate voor Windows XP (KB932168)

Beveiligingsupdate voor Windows XP (KB933566)

Beveiligingsupdate voor Windows XP (KB933729)

Beveiligingsupdate voor Windows XP (KB935839)

Beveiligingsupdate voor Windows XP (KB935840)

Beveiligingsupdate voor Windows XP (KB936021)

Beveiligingsupdate voor Windows XP (KB937143)

Beveiligingsupdate voor Windows XP (KB937894)

Beveiligingsupdate voor Windows XP (KB938127)

Beveiligingsupdate voor Windows XP (KB938829)

Beveiligingsupdate voor Windows XP (KB939653)

Beveiligingsupdate voor Windows XP (KB941202)

Beveiligingsupdate voor Windows XP (KB941568)

Beveiligingsupdate voor Windows XP (KB942615)

Beveiligingsupdate voor Windows XP (KB943460)

Beveiligingsupdate voor Windows XP (KB944653)

blinkx Remote Toolbar

Browser Defender 2.0.6.15

CDex extraction audio

Celestia 1.6.0

Citrix XenApp Web Plugin

Cliprex DVD Ripper 1.0

Creative System Information

DC++ 0.698

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Web Player

Download Manager 2.3.10

DVD Flick

Elecard MPEG2 Decoder Package 2.0

F.E.A.R. 2: Project Origin

GOM Player

Google Desktop

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 1.6

Half-Life® 2

HDView for Internet Explorer

HiJackThis

Hitman - Codename 47

Hitman Blood Money

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB926239)

HP Deskjet D4300 Printer Driver Software 10.0 Rel .3

HP Imaging Device Functions 10.0

HP Photosmart Essential 2.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

InterVideo WinDVD 7

J2SE Runtime Environment 5.0 Update 8

Juniper Networks Setup Client Activex Control

M4A to MP3 Converter 1.2

Marvell Miniport Driver

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - NLD

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft WorldWide Telescope

Mozilla Firefox (2.0.0.20)

Mp3 Stream Recorder

MSN Toolbar

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 Parser and SDK

Natural Color Pro

Nero - Burning Rom (Web installer)

NVIDIA Drivers

Panda ActiveScan

Quake 4

QuickTime

Segoe UI

SLD CODEC PACK 1.5.3

Sony Ericsson Media Manager 1.2

Sony Picture Utility

Sony USB Driver

Sound Blaster Audigy 2 ZS

Spybot - Search & Destroy 1.4

Spyware Doctor 7.0

Steam

Stellarium 0.10.2

StreamPlug

System Requirements Lab

The Settlers II - 10th Anniversary

Update voor Windows XP (KB894391)

Update voor Windows XP (KB898461)

Update voor Windows XP (KB900485)

Update voor Windows XP (KB910437)

Update voor Windows XP (KB911280)

Update voor Windows XP (KB916595)

Update voor Windows XP (KB920872)

Update voor Windows XP (KB922582)

Update voor Windows XP (KB927891)

Update voor Windows XP (KB929338)

Update voor Windows XP (KB930916)

Update voor Windows XP (KB931836)

Update voor Windows XP (KB933360)

Update voor Windows XP (KB938828)

Update voor Windows XP (KB942763)

Update voor Windows XP (KB942840)

VC80CRTRedist - 8.0.50727.4053

Ventrilo Client

Veoh Web Player

VIA Integrated Setup Wizard

VideoLAN VLC media player 0.8.6i

Viewpoint Media Player

Virtual Cable Tester

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB890859

WinRAR

World of Warcraft

Xvid 1.2.2 final uninstall

XviD MPEG-4 Codec

Link to post
Share on other sites

Step 1:

Please, uninstall the following applications:

  1. Adobe Reader 9.3 - Nederlands
  2. Ask Toolbar

You can read, how to this in:

Step 2:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4:

Please, download exehelper from here save it to your desktop.

1. Run exehelper.

2. Press any key to close a black window which should pop-up.

3. A log named exehelperlog.txt should open.

4. Post the contents of exehelperlog.txt in your next reply.

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. exeHelper log

Link to post
Share on other sites

Ok i kinda did everything you asked, but some things I was unable to do or locate:

* I didnt find any Java in my control panel to remove

* I was unable to remove C:\Program Files\Common Files\Java, said some file was in use

Here are the logs you asked for

exeHelper by Raktor

Build 20100414

Run at 12:06:45 on 05/08/10

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat May 08 12:01:43 2010

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_08

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510008

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510008

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510008

Found and removed: SOFTWARE\Classes\JavaPlugin.150_08

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_08

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_08

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510008

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510008

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150080}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_08

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_08\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.

Link to post
Share on other sites

This is it! Thanks! :)

mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply with a new hijackthis log.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Link to post
Share on other sites

And here we have the 2 logs you asked for :

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4077

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

10-05-08 12:55:58

mbam-log-2010-05-08 (12-55-58).txt

Scantype: Snelle scan

Objecten gescand: 136339

Verstreken tijd: 8 minuut/minuten, 41 seconde(n)

Geheugenprocessen ge

Link to post
Share on other sites

Please, open HiJackThis and select Do a system scan only.

Check the following entries:

R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: The blinkx Toolbar - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll (file missing)

Then, close all open windows except that of HijackThis, and select Fix Checked.

Let me know how are things running now.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.