Staredit Network

OMFG SPY SHERIFF
Posted by n2o-SiMpSoNs on 2005-06-22 at 16:19:05
i don't know how i got it but a program called spy sheriff installed itself on my comp. it won't lemme change the background and it's [censored]ing up stuff. it pretends it is an anti spy thingy but i knew it wasn't real because it wouldn't install itself on my comp....

so i was hoping a computer genius on sen could help me delete it...
here's a computer log

CODE
Logfile of HijackThis v1.99.1
Scan saved at 3:05:47 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\WINDOWS\av.exe
C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\stchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\ipod\iTunesHelper.exe
C:\WINDOWS\System32\msxct.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\hv23qlju.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\wanmpsvc.exe
D:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\sami\emia.exe
C:\WINDOWS\System32\w?nlogon.exe
D:\ipod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\microsoft office\Office\OSA.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\init32m.exe
C:\WINDOWS\System32\Services\{7572B89A-4F5A-4A6C-B268-E362C2166949}\SVCHOST.EXE
C:\WINDOWS\System32\win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
O2 - BHO: (no name) - {A811D84B-7B1E-E06C-B64B-CC51309338F0} - C:\WINDOWS\CdmFiles\kfwawdsjrj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [PTZDJQ] C:\WINDOWS\PTZDJQ.exe
O4 - HKLM\..\Run: [KVISAKYA] C:\WINDOWS\KVISAKYA.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [jehef] C:\WINDOWS\jehef.exe
O4 - HKLM\..\Run: [roh] C:\WINDOWS\roh.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\ipod\iTunesHelper.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [hv23qlju] C:\WINDOWS\System32\hv23qlju.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{7572B89A-4F5A-4A6C-B268-E362C2166949}\SVCHOST.EXE
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{7572B89A-4F5A-4A6C-B268-E362C2166949}\SECURITY.EXE
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iinl] C:\Program Files\sami\emia.exe
O4 - HKCU\..\Run: [Zfblnbi] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\ILOOKUP\EZSTUB22.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: UMAX VistaAccess.lnk = D:\VSTASCAN\vsaccess.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: Office Startup.lnk = D:\microsoft office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\microsoft office\Office\FINDFAST.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Home Prefix: http://103.nowfind.net/gall.php?url=
O13 - Mosaic Prefix: http://103.nowfind.net/gall.php?url=
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\ACAD2000\AcDcToday.ocx
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4600
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\ACAD2000\InstBanr.ocx
O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\ACAD2000\InstFred.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walmartphotocenter.com/photo/upload/XUpload.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4022b.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\ACAD2000\AcPreview.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccommon/download/sonyctl.CAB
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O21 - SSODL: System - {37016E39-7018-4DD1-9187-4B5EC0057E32} - vr_sys.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\ipod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: Vultcokwuimf - VIA Technologies, Inc. - (no file)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Posted by warhammer40000 on 2005-06-22 at 16:23:07
Looks like some kind of virus... Sorry, I would help you if i knew what this was.

But Macs don't get these.

I'm being like this due to Mac-hating-losers who spam forums with their hate for mac
Posted by O)FaRTy1billion on 2005-06-22 at 16:26:19
I heard that if you go into Safe Mode it doesn't run anything so you can delete any programs, but I have never tried it.

Does XP have safe mode?

ADDITION:
QUOTE(warhammer40000 @ Jun 22 2005, 01:23 PM)
Looks like some kind of virus... Sorry, I would help you if i knew what this was.

That is what I was thinking. I know on my old comp a whole bunch of shit installed itself and deleted my Windows Media player and a few other things, then eventually [censored]ed up my hard drive.

We even tried reformatting the hard drive...



/|\ don't let that scare you. Just try and remove it as fast as you can and try and back up your files just in case something does happen... :(
Posted by Lisk on 2005-06-22 at 16:32:11
http://www.hijackthis.de/

delete:
C:\WINDOWS\av.exe
C:\WINDOWS\System32\win32.exe

also your IE is messed up like hell.
clear your trusted zones.
and clear those registry entries.

XP does have a safe mode.
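
A way to pull the lines this reply points at (the IE registry values and the Trusted Zone entries) out of a HijackThis log, as an added example that is not part of the original thread. It goes one step beyond the reply by also flagging running processes whose names imitate a core Windows process; the names `triage` and `check_process` and that lookalike heuristic are assumptions of this sketch.

```python
import re
from collections import Counter

# Excerpt: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stchost.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\WINDOWS\System32\Services\{7572B89A-4F5A-4A6C-B268-E362C2166949}\SVCHOST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
"""

# Core Windows XP processes and the directory each one normally runs from
# (the same names open the log's own process list).
CORE = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")    # e.g. "O15 - Trusted Zone: ..."
URL_HOST = re.compile(r"= \w+://([^/\s]+)")   # host of a "name = http://..." value

def one_char_off(a, b):
    """True when two names have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def check_process(path):
    """Return why an image path imitates a core process, or None if it does not."""
    directory, _, name = path.lower().rpartition("\\")
    if name in CORE:
        return None if directory == CORE[name] else f"{name} outside {CORE[name]}"
    # Assumption: a '?' in the log stands for a character it could not display;
    # here it simply counts as one mismatching position.
    for core in CORE:
        if one_char_off(name, core):
            return f"name one character off {core}"
    return None

def triage(log):
    """Collect IE hosts (R0/R1), trusted entries (O15) and lookalike processes."""
    hosts, trusted, lookalikes = Counter(), set(), []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        entry = ENTRY.match(line)
        if entry is None:
            reason = check_process(line) if in_processes else None
            if reason:
                lookalikes.append((line, reason))
            continue
        code, body = entry.groups()
        if code in ("R0", "R1"):
            url = URL_HOST.search(body)
            if url:
                hosts[url.group(1).lower()] += 1
        elif code == "O15":
            _, _, value = body.partition(": ")
            trusted.add(re.sub(r" \(HKLM\)$", "", value))   # merge HKCU/HKLM copies
    return {"ie_hosts": dict(hosts), "trusted": trusted, "lookalikes": lookalikes}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The output is a list of lines to look up, not a verdict: the ISP's own `www.comcast.net` start page shows up among the IE hosts next to the hijacked search pages.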
Posted by Shmeeps on 2005-06-22 at 16:33:51
QUOTE
Does XP have safe mode?

Yes. When the computer is starting up, press F8 every few seconds.
Posted by n2o-SiMpSoNs on 2005-06-22 at 16:34:27
i had done research on it and went to forums for help but no one replied there. But the other people who had this problem the people told them to go into hijack this (the log program i showed you) and then check certain things. then go into safe mode and delete shit
Posted by Lisk on 2005-06-22 at 16:36:54
yes, do that :) (if you can't in normal mode)
Posted by O)FaRTy1billion on 2005-06-22 at 16:46:39
Lots of programs you get an error if you try modifying it (moving/deleting). Safe Mode doesn't run anything so it allows you to delete anything. (I think)
Posted by DT_Battlekruser on 2005-06-22 at 16:49:38
Use the command shell to delete it. It overrides stupid errors like the file is in use.
Posted by n2o-SiMpSoNs on 2005-06-22 at 16:59:21
can someone tell me how to get in and out of safe mode .. just in case..

ADDITION:
can someone tell me how to get in and out of safe mode .. just in case..
Posted by DT_Battlekruser on 2005-06-22 at 16:59:34
Have you tried to delete it using the command shell?
Posted by O)FaRTy1billion on 2005-06-22 at 17:01:40
QUOTE(Shmeeps @ Jun 22 2005, 01:33 PM)
Yes. When the computer is starting up, press F8 every few seconds.

To get out, just shut down and start back up.

EDIT: And do not be scared if in safe mode your computer is all [censored]ed up, it is always like that. Just ignore the fact it is screwed up. When you turn it back on (not in safe mode) it should be normal.

EDIT#2: I've never been on XP Safe Mode, but I expect it should be the same. (Low colors, low resolution, "Safe Mode" in every corner, and very.. odd)
Posted by n2o-SiMpSoNs on 2005-06-22 at 17:04:06
can someone tell me how to get in and out of safe mode .. just in case..
Posted by O)FaRTy1billion on 2005-06-22 at 17:06:40
QUOTE(O)FaRTy1billion @ Jun 22 2005, 02:01 PM)
To get out, just shut down and start back up.

EDIT: And do not be scared if in safe mode your computer is all [censored]ed up, it is always like that. Just ignore the fact it is screwed up. When you turn it back on (not in safe mode) it should be normal.

EDIT#2: I've never been on XP Safe Mode, but I expect it should be the same. (Low colors, low resolution, "Safe Mode" in every corner, and very.. odd)


... Is your SEN broken? Stop pressing the button!!
Posted by Lisk on 2005-06-22 at 17:19:51
just to say it doesn't load most stuff including video, sound drivers
Posted by n2o-SiMpSoNs on 2005-06-22 at 17:37:41
QUOTE(DT_Battlekruser @ Jun 22 2005, 04:59 PM)
Have you tried to delete it using the command shell?

wtf is that and how do i do it


also sen is [censored]ed up every site is and it takes forever to load up another page on IE or Firefox


random popups are popping up and these [censored]ing programs are going on my desktop ...


IM GOING CRAZY :( this happened yesterday and my comp's getting worse by the minute

also it gives me three choices of safe mode...

safe mode
safe mode with networking (i think networking...)
safe mode with i forget
Posted by O)FaRTy1billion on 2005-06-22 at 17:44:27
Just Safe Mode.

And yes, you are having same (or similar) troubles I was. The popups eventually go away after a few weeks... unless you kill the program that causes them.
Also, in my windows folder I kept getting programs like "ghgjghjgjghj.exe".
Quickly find what is doing this, and delete them! Then after you delete them, make sure all your files and programs are still normal and working. (My windows media player was replaced with a weird advertisement)

Don't want anyone to go through the same thing I had to... My comp died, I could get on safe mode and had to use floppies to transfer files. Safe mode is slow, so are 1mb floppies... but together... [crazy]

Back up your files, and try and delete anything that is not supposed to be there.

(Hopefully you do not have anything as bad as I did... because my comp died. Literally.)
Posted by n2o-SiMpSoNs on 2005-06-22 at 17:56:21
i got a trojan also yesterday... but one of my anti virus thingys found it and killed it
Posted by O)FaRTy1billion on 2005-06-22 at 17:56:48
I just want you to know I am not trying to scare you, and I am not saying that what happened to me will happen to you; I am just saying what has happened to me. I am saying what has happened to me just as a warning to what can happen, even though the chances may not be very high.
Posted by n2o-SiMpSoNs on 2005-06-22 at 17:57:44
i got a trojan also yesterday... but one of my anti virus thingys found it and killed it
Posted by O)FaRTy1billion on 2005-06-22 at 18:02:34
Do you keep clicking "Add Reply"? If you click it once, do not click it again, you keep repeating messages.

Also, if you got a trojan maybe another virus that was not detected slipped through. Try making sure your antivirus is up to date, and try scanning again.
Maybe try a spyware scan?

I would back up your files too if you can, because I lost everything on my other comp (except a few files, such as all the maps I started) Some of the files I can never replace, just because I failed to backup. :'(
Posted by ViolentMoose on 2005-06-22 at 18:06:29
wow that's a bad problem man do u have adaware, firewall, and anti virus?

adaware helps a lot it gets rid of the popups that anti viruses can't
Posted by DT_Battlekruser on 2005-06-22 at 18:30:36
QUOTE(n2o-Simpsons @ Jun 22 2005, 02:37 PM)
wtf is that and how do i do it
also sen is [censored]ed up every site is and it takes forever to load up another page on IE or Firefox
random popups are popping up and these [censored]ing programs are going on my desktop ...
IM GOING CRAZY :( this happened yesterday and my comp's getting worse by the minute

also it gives me three choices of safe mode...

safe mode
safe mode with networking (i think networking...)
safe mode with i forget


Go to Start>Run and run cmd.

you will see the command shell. Type "cd c:\program files\spy sherrif" (or wherever the thing you want to delete is).

then type "del spysherrif.exe"
Posted by n2o-SiMpSoNs on 2005-06-23 at 12:05:26
[censored]ing spy sheriff well anyways thanks everyone for trying to help but me and my dad ;) used hijack this to delete a shit load of viruses and there was one program that is fricken hard to kill called surfsidekick 3 and i'm not sure if my dad killed it cuz i went to sleep :) but my computer is virus free (i hope) thanks
Posted by O)FaRTy1billion on 2005-06-23 at 12:08:26
I think my old computer had the surfsidekick thing, something to do with surfing or searching.

My computer is Bye-bye and your problem is fixed, so I guess it doesn't really matter?