
Author Topic: 8 viruses found, unable to delete.    (Read 32921 times)


dl65

  • R.I.P.


  • Prodigy

    Thanked: 18
    Re: 8 viruses found, unable to delete.  
    « Reply #15 on: June 06, 2006, 06:45:09 PM »
    great ...ok reboot into safe mode and scan with your av ......... not Ewido ....yet

    dl65  ::)
    If you don't know the answer, it isn't a dumb question.

    dl65

    • R.I.P.


    • Prodigy

      Thanked: 18
      Re: 8 viruses found, unable to delete.  
      « Reply #16 on: June 06, 2006, 06:49:28 PM »
      Dave ...do you know how to get into safe mode ?

      As soon as Windows shuts down and just as it starts to load...repeatedly tap the F8 key until you are offered the various start options ...choose SAFE mode

      dl65  ::)
      If you don't know the answer, it isn't a dumb question.

      DAVE9999

      • Guest
      Re: 8 viruses found, unable to delete.  
      « Reply #17 on: June 06, 2006, 07:55:25 PM »
      Booted up in safe mode, ran FULL Ewido.   1 nasty found TrackingCookie.Yieldmanager .
      Deleted.

      The CCleaner removed about 9.9mb I'm sure it was.

      I hope those six viruses I mentioned are the only ones that are stopping the WMP 10 from streaming properly.   Keeps crashing on WMP stream web sites, losing all functionality.

      Thanks.

      dl65

      • R.I.P.


      • Prodigy

        Thanked: 18
        Re: 8 viruses found, unable to delete.  
        « Reply #18 on: June 06, 2006, 08:01:07 PM »
        BTW , what anti virus program do you have installed .......

        Have you run Ewido ....... now that you are back in normal mode ?

        I thought I asked you to run your anti virus in safe mode , not Ewido....it should be run in normal mode .

        dl65  ::)
        « Last Edit: June 06, 2006, 08:04:52 PM by dl65 »
        If you don't know the answer, it isn't a dumb question.

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: 8 viruses found, unable to delete.  
          « Reply #19 on: June 06, 2006, 08:03:16 PM »
          There is one more thing I would suggest you do ..... run hijackthis and post the log here to inspect ........  Get it at .... http://www.majorgeeks.com/download3155.html

          hopefully then your issues will be gone ......

          dl65  ::)
          If you don't know the answer, it isn't a dumb question.

          DAVE9999

          • Guest
          Re: 8 viruses found, unable to delete.  
          « Reply #20 on: June 06, 2006, 08:03:47 PM »
          av as in anti-virus program as in NOT Ewido that I ran.

          I'll have to pick this up again tomorrow.. it's 02.30 am   the other tenants in house might moan at noise of computer cranking .

          I'll do the Avast Anti virus in Safe mode tomorrow.
          Thanks.

          dl65

          • R.I.P.


          • Prodigy

            Thanked: 18
            Re: 8 viruses found, unable to delete.  
            « Reply #21 on: June 06, 2006, 08:06:34 PM »
            lol ....... they must be really light sleepers ......

            Cheers
            dl65  ::)
            If you don't know the answer, it isn't a dumb question.

            dl65

            • R.I.P.


            • Prodigy

              Thanked: 18
              Re: 8 viruses found, unable to delete.  
              « Reply #22 on: June 06, 2006, 08:08:18 PM »
              Dave .....
              Quote
              av as in anti-virus program as in NOT Ewido that I ran.
                 ...yes run anti virus ( av ) in safe mode , not Ewido .  ( run Ewido in normal mode )

              dl65  ::)
              If you don't know the answer, it isn't a dumb question.

              DAVE9999

              • Guest
              Re: 8 viruses found, unable to delete.  
              « Reply #23 on: June 06, 2006, 08:16:11 PM »
              Here's the HJT.

              Thanks.
              I'll have to send 2 posts as I haven't a clue about  bmp jpg jpeg gif png swf zip files for the attachment.
              Hard enough to get it into Notepad.

              Logfile of HijackThis v1.99.1
              Scan saved at 03:08:48, on 07/06/2006
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\Program Files\ewido\security suite\ewidoctrl.exe
              C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
              C:\WINDOWS\system32\slserv.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\ups.exe
              C:\WINDOWS\system32\UAService7.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\zHotkey.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\Digital Media Reader\shwiconem.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\WINDOWS\ALCWZRD.EXE
              C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              C:\Program Files\WebWasher\wwasher.exe
              C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
              C:\Program Files\Labtec Wireless Desktop\OSD.EXE
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Outlook Express\msimn.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Documents and Settings\david marks\My Documents\My Videos\hijackthis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igmaynard.co.uk/bongo/showroom.htm
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
              O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
              O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
              O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
              O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
              O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
              O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
              O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
              O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
              O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
              O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
              O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
              O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
              O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
              O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

              DAVE9999

              • Guest
              Re: 8 viruses found, unable to delete.  
              « Reply #24 on: June 06, 2006, 08:18:25 PM »
              and rest.

              O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
              O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
              O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
              O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
              O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
              O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
              O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
              O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
              O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
              O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119829022406
              O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclienttest/webclientctl.cab
              O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
              O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
              O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
              O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
              O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
              O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
              O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
              O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
              O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
              O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
              O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

              Just fitted nicely.

              People can't use all that to hijack my computer can they??

              DAVE9999

              • Guest
              Re: 8 viruses found, unable to delete.  
              « Reply #25 on: June 06, 2006, 08:24:18 PM »
              Looks like I'll have to start again tomorrow, with the Avast in safe mode, then Ewido and I'll post another HJT.
              I'll write down anything found.

              The fan on the comp is blowing like a gale and cranking. It's 3.30am, I'd best go.

              Thanks for your patience and understanding.

              .

              dl65

              • R.I.P.


              • Prodigy

                Thanked: 18
                Re: 8 viruses found, unable to delete.  
                « Reply #26 on: June 06, 2006, 10:58:51 PM »
                DAVE9999.......

                Mark for removal the following :
                O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

                O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe      ( this one's bad )

                O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE         ( also a bad one )

                O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

                O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

                O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

                O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

                O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

                O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

                O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclienttest/webclientctl.cab    

                O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

                O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe    Do you know this entry ...if so leave it , if not remove it .

                Ok ...... now click .... fix marked ........  and see how things are .......

                reboot and post a fresh hijackthis log .

                And to answer your question no the posted log will not compromise your machine .

                dl65  ::)
                « Last Edit: June 06, 2006, 11:00:41 PM by dl65 »
                If you don't know the answer, it isn't a dumb question.

                DAVE9999

                • Guest
                Re: 8 viruses found, unable to delete.  
                « Reply #27 on: June 07, 2006, 05:33:21 AM »
                Hello dl65, I have a "labtec" mouse, came with a labtec ultra flat keyboard,  spilt milk on the keyboard and replaced it with original emachines wired keyboard.  still use the labtec unwired mouse.
                Found this relating to ShowWnd.exe  

                  ShowWnd ShowWnd.exe "Found on Gateway computers (and maybe others) - see here. ""Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software  

                "Related software downloads for Chicony USB Keyboard Mouse"  
                Labtec Mouse 2.1
                Supports all Labtec mice.  

                found this of hjt for someone called hoopoe    at

                http://www.bleepingcomputer.com/forums/topic16767.html

                O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
                O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
                O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
                O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
                O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
                O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
                O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
                O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
                O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe


                He has in particular
                C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
                O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
                O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
                O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe


                I have
                C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
                C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
                C:\Program Files\Labtec Wireless Desktop\OSD.EXE
                O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
                O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
                O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

                Are you sure about [ShowWnd] ShowWnd.exe ?   It may be genuine software, Chicony software for the Labtec keyboard/mouse.

                I just want to be extra sure, before I make a mistake.

                Thanks .  

                DAVE9999

                • Guest
                Re: 8 viruses found, unable to delete.  
                « Reply #28 on: June 07, 2006, 05:46:34 AM »
                Hello dl65, here is a HJT. Thanks for answering the "is the HJT postings secure".
                All in 2 parts.

                Logfile of HijackThis v1.99.1
                Scan saved at 12:42:21, on 07/06/2006
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\Program Files\ewido\security suite\ewidoctrl.exe
                C:\WINDOWS\system32\slserv.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\ups.exe
                C:\WINDOWS\system32\UAService7.exe
                C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\zHotkey.exe
                C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                C:\WINDOWS\system32\hkcmd.exe
                C:\Program Files\Digital Media Reader\shwiconem.exe
                C:\WINDOWS\SOUNDMAN.EXE
                C:\WINDOWS\ALCWZRD.EXE
                C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
                C:\WINDOWS\system32\igfxpers.exe
                C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\iTunes\iTunesHelper.exe
                C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
                C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                C:\Program Files\WebWasher\wwasher.exe
                C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
                C:\Program Files\Labtec Wireless Desktop\OSD.EXE
                C:\Documents and Settings\david marks\My Documents\My Videos\hijackthis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igmaynard.co.uk/bongo/showroom.htm
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
                O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
                O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
                O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
                O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
                O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
                O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
                O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
                O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
                O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
                O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

                DAVE9999

                • Guest
                Re: 8 viruses found, unable to delete.  
                « Reply #29 on: June 07, 2006, 05:52:57 AM »
                And 2nd part follows.

                Will do a CCleaner, then Avast AV in safe mode then Ewido then HJT, and post that on.  See if it picks up those found when using Kaspersky online a few days ago as follows
                 
                C:\System Volume Information\_restore{4A29620B-0973-4CDA-BBC9-4088620A8365}\RP152\A0061781.exe Infected: Packed.Win32.Tibs skipped  
                 
                C:\temp\cs_mary.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped  
                 
                C:\temp\cs_mary.exe CreateInstall: infected - 1 skipped  
                 
                C:\temp\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped  
                 
                C:\temp\setup_ares.exe NSIS: infected - 1 skipped  
                 
                C:\temp\WarezP2P_DLC.exe/stream/data0035 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped  
                 
                C:\temp\WarezP2P_DLC.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped  
                 
                C:\temp\WarezP2P_DLC.exe NSIS: infected - 2 skipped  


                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
                O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
                O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
                O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
                O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119829022406
                O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
                O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
                O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
                O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
                O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
                O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
                O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
                O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
                O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


                Many thanks,  I'll see if it has cleared up the WMP streaming problem.
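
An added example, not part of the original thread and not HijackThis's own code: a Python triage of the kind of log posted above. It flags entries marked `(no file)` / `(file missing)`, lists Run entries that give only a file name (the log alone cannot say which file on disk that is, which is the ShowWnd.exe question raised in Reply #27), and reports what a second log no longer contains. The function names are hypothetical, and the sample text is assembled from lines in the thread, with one entry wrapped the way it appears in Reply #26.

```python
import re
from typing import List, NamedTuple, Sequence, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code such as "O4" or "O23"
    body: str  # text after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input assembled from lines posted in the thread (not a full log).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\zHotkey.exe

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O8 - Extra context menu item: Zoom &In -
       C:\WINDOWS\WEB\zoomin.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

AFTER = r"""
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running process paths, entries); re-joins forum-wrapped entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2).strip()))
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif entries and entries[-1].body.endswith(" -"):
            # Continuation of an entry that was wrapped after its last " -".
            last = entries[-1]
            entries[-1] = Entry(last.code, last.body + " " + line)
    return processes, entries


def orphaned(entries: Sequence[Entry], running: Sequence[str] = ()) -> List[Entry]:
    """Entries whose target is reported absent.

    An entry whose path also appears in the running-process list is skipped:
    in the thread's log the avast! services show "(file missing)" while the
    same executables are listed as running.
    """
    live = [p.lower() for p in running]
    return [
        e for e in entries
        if e.body.endswith(ORPHAN_MARKERS)
        and not any(p in e.body.lower() for p in live)
    ]


def unqualified_autoruns(entries: Sequence[Entry]) -> List[str]:
    """Names of O4 Run values whose command carries no directory path."""
    names = []
    for e in entries:
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if not m:
            continue
        cmd = m.group("cmd").strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd
        if "\\" not in exe and "/" not in exe:
            names.append(m.group("name"))
    return names


def removed_between(before: Sequence[Entry], after: Sequence[Entry]) -> List[Entry]:
    """Entries present in the first log and gone from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


if __name__ == "__main__":
    procs, first = parse_log(BEFORE)
    _, second = parse_log(AFTER)
    print("orphaned:", [f"{e.code} - {e.body}" for e in orphaned(first, procs)])
    print("path-less autoruns:", unqualified_autoruns(first))
    print("removed after fix:", [f"{e.code} - {e.body}" for e in removed_between(first, second)])
    print("path-less autoruns still present:", unqualified_autoruns(second))
```

A path-less Run entry is a prompt to locate the file on disk and check its vendor and signature before deciding, not a verdict in either direction.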