  1. #1
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Problem to remove aBetterInternet

    This is my HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 5:02:41 PM, on 8/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\SYSTEM32\Ati2evxx.exe
    F:\WINDOWS\Explorer.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\Program Files\CPUCooL\CooLSrv.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\WINDOWS\system32\RioMSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\Program Files\Logitech\iTouch\iTouch.exe
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\WINDOWS\system32\ppojfvr.exe
    F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\WINDOWS\system32\LVCOMSX.EXE
    F:\Program Files\Logitech\Video\LogiTray.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    F:\Program Files\Logitech\Video\FxSvr2.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\RamBooster\Rambooster.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    F:\Program Files\Logitech\SetPoint\KEM.exe
    G:\Program Files\foxmovies\bin\bin-0\foxmovies.exe
    F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    G:\Program Files\foxmovies\bin\bin-0\foxmoviesController.exe
    F:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    F:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    F:\Program Files\WinZip\WZQKPICK.EXE
    F:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMixerTray] F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [UpdateManager] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcsgous] F:\WINDOWS\system32\ppojfvr.exe r
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [RamBooster] F:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: Eyetide Launcher.lnk = F:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Fox Movies.lnk = G:\Program Files\foxmovies\bin\bin-0\foxmoviesCommand.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: SATARaid.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

    Continue on next

  2. #2
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    continue...

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: maven-8110 - {725F258B-6EDD-4CAB-873E-DD3BFFFC98F5} - G:\Program Files\foxmovies\bin\bin-0\protocolHandler.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - F:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\system32\RioMSC.exe

  3. #3
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    And this is other stuff I got out from the same HijackThis

    StartupList report, 8/16/2005, 5:05:09 PM
    StartupList version: 1.52.2
    Started from : F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\SYSTEM32\Ati2evxx.exe
    F:\WINDOWS\Explorer.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\Program Files\CPUCooL\CooLSrv.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\WINDOWS\system32\RioMSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\Program Files\Logitech\iTouch\iTouch.exe
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\WINDOWS\system32\ppojfvr.exe
    F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\WINDOWS\system32\LVCOMSX.EXE
    F:\Program Files\Logitech\Video\LogiTray.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    F:\Program Files\Logitech\Video\FxSvr2.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\RamBooster\Rambooster.exe
    F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    F:\Program Files\Logitech\SetPoint\KEM.exe
    G:\Program Files\foxmovies\bin\bin-0\foxmovies.exe
    F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    G:\Program Files\foxmovies\bin\bin-0\foxmoviesController.exe
    F:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    F:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    F:\Program Files\WinZip\WZQKPICK.EXE
    F:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe
    F:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [F:\Documents and Settings\Sergio Pons\Start Menu\Programs\Startup]
    Eyetide Launcher.lnk = F:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe

    Shell folders Common Startup:
    [F:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    Fox Movies.lnk = G:\Program Files\foxmovies\bin\bin-0\foxmoviesCommand.exe
    Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\KEM.exe
    Microsoft Broadband Networking.lnk = ?
    SATARaid.lnk = ?
    WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = F:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    zBrowser Launcher = F:\Program Files\Logitech\iTouch\iTouch.exe
    avast! = F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    NvMixerTray = F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    MMTray = F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    UpdateManager = "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    NeroFilterCheck = F:\WINDOWS\system32\NeroCheck.exe
    mmtask = F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    QuickTime Task = "F:\Program Files\QuickTime\qttask.exe" -atboottime
    gcasServ = "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    LVCOMSX = F:\WINDOWS\system32\LVCOMSX.EXE
    LogitechVideoRepair = F:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray = F:\Program Files\Logitech\Video\LogiTray.exe
    PCSuiteTrayApplication = F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    DataLayer = F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    ATICCC = "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    Logitech Hardware Abstraction Layer = KHALMNPR.EXE
    iTunesHelper = "F:\Program Files\iTunes\iTunesHelper.exe"
    mcsgous = F:\WINDOWS\system32\ppojfvr.exe r

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    H/PC Connection Agent = "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    RamBooster = F:\Program Files\RamBooster\Rambooster.exe
    Skype = "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    LogitechSoftwareUpdate = "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    PcSync = F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    msnmsgr = "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    ctfmon.exe = F:\WINDOWS\system32\ctfmon.exe
    LDM = \Program\BackWeb-8876480.exe
    HijackThis startup scan = F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe /startupscan

    --------------------------------------------------

    Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe F:\WINDOWS\Nail.exe
    SCRNSAVE.EXE=none
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - F:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - F:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

    --------------------------------------------------

    Enumerating Download Program Files:

    [Checkers Class]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary...r.cab31267.cab

    [YInstStarter Class]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

    [MessengerStatsClient Class]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary...t.cab31267.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/Ms...Downloader.cab

    [{B9191F79-5613-4C76-AA2A-398534BB8999}]
    CODEBASE = http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    [ASquaredScanForm Element]
    InProcServer32 = F:\WINDOWS\DOWNLO~1\axscan.ocx
    CODEBASE = http://www.windowsecurity.com/trojanscan/axscan.cab

    [msnloader Class]
    InProcServer32 = F:\WINDOWS\system32\rockstar.dll
    CODEBASE = http://rockstar.messenger.msn.com/rockstar.cab

    [Shockwave Flash Object]
    InProcServer32 = F:\WINDOWS\system32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [Solitaire Showdown Class]
    InProcServer32 = F:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary...n.cab31267.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: F:\WINDOWS\system32\SHELL32.dll
    CDBurn: F:\WINDOWS\system32\SHELL32.dll
    WebCheck: F:\WINDOWS\System32\webcheck.dll
    SysTray: F:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 10,224 bytes
    Report generated in 0.063 seconds

  4. #4
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,104

    Re: Problem to remove aBetterInternet

    A response in your other post here: http://forums.pcper.com/showthread.p...01#post3576501

    Did the log file analyzer help?

  5. #5
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    I use AVAST and Microsoft Antispyware, also I have Spy Bot and Adware. I got this virus stupidly through Messenger: I got a conversation from a friend and I didn't check it up, I just linked it, and since then it has been a nightmare.

    I tried first with AVAST; I couldn't remove some vonner.exe virus, I was doing it in the normal way. I also tried using Spybot and Adware, same results. I did a little research and everything suggested to me doing the same but in SAFE MODE, so I did it and it took LOOOOOOOOOOOOOOOOOOOOOOOOONG, but apparently it was removed. WRONG, I did not do a scan through Spybot or Adware in safe mode at that moment.

    Then I got this abetterinternet problem. Sometimes I got some Aurora word after that, but my Avast and my Microsoft detected that MALWARE, and it was supposed to be cleaned, but no, every time I restarted I got it again. I tried Spybot and Adware, but same result: it looks removed but it shows again. My Avast detected some malware, I pressed delete every time, and I got no problem, but later another appeared and I deleted it, and then another. They do not show instantly; after some minutes my Avast detected them.

    I ran Microsoft Spy and SpyBot and Adware again and they always found this abetterinternet stuff, even after I deleted and scanned again.

    So I went into safe mode again and did my job; they both detected it and it looked like it was cleaned, but NOT.

    I still am getting this malware.

    What to do.

    THANKS

  6. #6
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Problem to remove aBetterInternet

    If it's constantly coming back upon reboot, it's probably hiding in one of your temp dirs somewhere and being reinstalled (called from the registry) upon each reboot.

    Disconnect from the net, boot into safe mode, delete all temp files from all temp locations (see sticky thread for a list of locations), scan and clean, and then reboot.

    Ned

  7. #7
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    Ok,

    I'll try that one too

    THANKS

  8. #8
    Joined
    May 2003
    Location
    Toronto,Ontario
    Posts
    362

    Re: Problem to remove aBetterInternet

    Personally I wouldn't rely too much on the web based HJT analyzers. They are getting better, but they can't keep up with the changes in the different things that get detected. That, and they have a bad habit of showing some perfectly safe things as being a risk.

    Best bet would be to go to one of these sites,

    http://www.spywarewarrior.com/index.php

    http://forums.spywareinfo.com/

    and post your HJT log there.

  9. #9
    Joined
    Oct 2001
    Location
    Erie, PA
    Age
    46
    Posts
    5,053

    Re: Problem to remove aBetterInternet

    BE SURE TO TURN OFF SYSTEM RESTORE BEFORE YOU DO ANY OF THIS!

    Ok I went through your log and found that you have a few things that need addressed immediately. To start with it looks like you have nail.exe running. See this thread here on how to remove it by itself. http://forums.pcper.com/showthread.php?t=390004

    The following entries also need removed with HJT but they may come back if you don't fix nail first.

    F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
    O4 - HKLM\..\Run: [mcsgous] F:\WINDOWS\system32\ppojfvr.exe r (I believe that this is a random .exe generated by the nail.exe virus.)
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab
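
An added example (not part of the original thread and not any poster's code): a Python check that parses HijackThis entry lines, extracts whatever the F2 `Shell=` value launches besides Explorer.exe, and compares the `Run` entries of two scans. The sample lines are copied from the normal-mode and safe-mode logs posted in this thread; the function names are this example's own.

```python
import re

# Lines copied from the two HijackThis logs in this thread, trimmed to a few
# entries (normal-mode scan of 8/16/2005 and safe-mode scan of 8/17/2005).
SCAN_NORMAL = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mcsgous] F:\WINDOWS\system32\ppojfvr.exe r
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
"""
SCAN_SAFE_MODE = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
"""

# "F2 - ...", "O4 - ...", "O23 - ..." and so on; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Body of an O4 registry Run entry: hive, value name in brackets, command line.
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def shell_extras(entries):
    """Return what the F2 Shell value starts besides Explorer.exe ('' if nothing)."""
    for code, body in entries:
        if code == "F2" and "Shell=" in body:
            value = body.split("Shell=", 1)[1].strip()
            first, _, rest = value.partition(" ")
            if first.lower() == "explorer.exe":
                return rest.strip()
            return value  # Explorer.exe is not first: the shell was replaced outright
    return ""


def run_entries(entries):
    """Map (hive, value name) -> command line for O4 registry Run entries."""
    found = {}
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            found[(m.group("hive"), m.group("name"))] = m.group("cmd")
    return found


def compare_scans(before_text, after_text):
    """Summarise how the autostart picture changed between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    run_before, run_after = run_entries(before), run_entries(after)
    return {
        "shell_extra_before": shell_extras(before),
        "shell_extra_after": shell_extras(after),
        "run_removed": sorted(set(run_before) - set(run_after)),
        "run_added": sorted(set(run_after) - set(run_before)),
    }


if __name__ == "__main__":
    report = compare_scans(SCAN_NORMAL, SCAN_SAFE_MODE)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["shell_extra_after"]:
        print("Shell value still launches an extra program; Run entries may be re-created.")
```

On these lines the two `Run` entries listed in post #9 are absent from the safe-mode scan while the `Shell=` value still names Nail.exe, which is the situation post #9 warns about when it says the entries may come back.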

  10. #10
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    THANKS, that Nail.exe is driving me crazy

  11. #11
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: How To Remove Trojan.Win32.Stervis.b

    I did it; here are my reports:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 10:34:22 AM, 8/17/2005
    + Report-Checksum: 38585385

    + Scan result:

    [916] F:\WINDOWS\system32\acyvpg.exe -> Trojan.Agent.cp : Cleaned without backup
    F:\WINDOWS\system32\acyvpg.exe -> Trojan.Agent.gp : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@ehg-smsac.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@overture[2].txt -> Spyware.Cookie.Overture : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
    F:\Documents and Settings\Sergio Pons\Cookies\sergio pons@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup


    ::Report End

  12. #12
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: How To Remove Trojan.Win32.Stervis.b

    HijackThis in safe mode:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:46 AM, on 8/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\explorer.exe
    F:\WINDOWS\system32\acyvpg.exe
    F:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMixerTray] F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [UpdateManager] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [RamBooster] F:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HijackThis startup scan] F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - F:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\system32\RioMSC.exe

  13. #13
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: How To Remove Trojan.Win32.Stervis.b

    After reboot I did a HiJack scan again. Here it is:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:41:47 AM, on 8/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\SYSTEM32\Ati2evxx.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\Program Files\CPUCooL\CooLSrv.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\WINDOWS\system32\RioMSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Logitech\iTouch\iTouch.exe
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\WINDOWS\system32\LVCOMSX.EXE
    F:\Program Files\Logitech\Video\LogiTray.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Program Files\Logitech\Video\FxSvr2.exe
    F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    F:\Program Files\RamBooster\Rambooster.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    F:\Program Files\Logitech\SetPoint\KEM.exe
    F:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    F:\Program Files\WinZip\WZQKPICK.EXE
    F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    F:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.cnn.com/weather/forec...p?locCode=MMMY
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMixerTray] F:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [UpdateManager] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] F:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [RamBooster] F:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HijackThis startup scan] F:\Documents and Settings\Sergio Pons\My Documents\Antivirus\hijackthis\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - F:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\system32\RioMSC.exe

  14. #14
    Joined
    Oct 2001
    Location
    Erie, PA
    Age
    46
    Posts
    5,053

    Re: Problem to remove aBetterInternet

    Looks like you got it cleaned out. Are you still experiencing any problems?

  15. #15
    Joined
    Sep 2002
    Location
    Monterrey, N.L. MEXICO
    Age
    53
    Posts
    234

    Re: Problem to remove aBetterInternet

    Not for now

    I'll monitor my system and let you know.

    THANKS in ADVANCE
