When you installed HijackThis, it installed to a temporary folder. Creating a permanent folder will ensure that HijackThis is not accidentally deleted when we clean out these directories.
1. Click on "My Computer -> C:". Under the File menu, please click "New -> Folder"
2. Rename the new folder (for example, type "HJT" without the quotes) and move the HijackThis.exe file into the new directory.
You appear to be running more than one antivirus program. Please decide which to keep and uninstall or disable the others.
Running more than one antivirus scanner in real time actually reduces your amount of protection. It also causes system instability and you run the risk of data loss from a complete system crash that the instability can cause.
Download Ewido anti-spyware to your desktop.
This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.
Double click the icon on the desktop to launch the set up program.
Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
Once the setup is complete you will need to update the definition files.
On the main screen select the icon Update then select the Update now link.
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports
Select Automatically generate report after every scan
Un-Select Only if threats were found
Close ewido anti-spyware.
Please boot into Safe mode:
Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:
Launch ewido anti-spyware by double-clicking the icon on your desktop.
Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
ewido will now begin the scanning process, be patient this may take some time.
When prompted of an infection, please select Apply all actions
Once the scan is complete do the following:
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to your Desktop.
Now close ewido anti-spyware.
Next, please run HijackThis again and check the following entries that may still be present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = T'internet
O4 - HKLM\..\Run: bikini.exe
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following files/folders indicated in Bold text:
C:\WINDOWS\system32\bikini.exe
You may also have a folder labeled "Bikini.(something)"; just do a search for "Bikini" but without the quote marks. Delete all instances found.
Reboot back to your normal user mode and post back a new HijackThis log along with the log from your Ewido scan. Please advise how the computer now performs for you and if you are having any other issues. Thanks!
i did everything u said and here is the new logfile of hjt.
i have 2 antivirus programs installed on my computer but one of them isnt running..im running bullguard, and the pcguard is disabled and i cant seem to uninstall it.. my comp hasnt had any crashes since i did what u said but its only been 10 minutes :D
Logfile of HijackThis v1.99.1
Scan saved at 18:18:55, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
In your last post, you said:
Quote:i did everything u said and here is the new logfile of hjt.
However, you did not move HijackThis to a permanent directory as instructed...you did not post your Ewido log...and you still have multi antivirus applications running. As well, upon further investigation, I determined that you also have two firewalls running (The BullGuard comes with both Antivirus and Firewall Software). With these multiple antivirus applications and firewalls, your system is slowed down considerably and the system crashes have already been explained.
Please do the following:
Click start-->control panel-->add/remove programs.
Scroll down the list and locate the following programs:
Blueyonder (PCguard)
Authentium Antivirus
BitDefender
ZoneAlarm
Click each program name to highlight it, then click Remove. Reboot the computer when finished uninstalling the software.
Post back a new HijackThis log which will show the remaining Antivirus application and firewall. Also, please post the Ewido scan log.
Logfile of HijackThis v1.99.1
Scan saved at 18:52:12, on 13/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
the blueyonder pcguard isnt running but i cant uninstall it, when i go on add/remove page it starts to uninstall then just stops uninstalling and goes back to the add/remove page?
the authentiumantivirus i cant find and ive never seen before? i did a search and i cant find anything for it??
Quote:the blueyonder pcguard isnt running but i cant uninstall it, when i go on add/remove page it starts to uninstall then just stops uninstalling and goes back to the add/remove page?
the authentiumantivirus i cant find and ive never seen before? i did a search and i cant find anything for it??
OK, but your log shows that they both are running...and the "dumprep" entries in the log are evidence of system crashes probably resulting from the multiple antivirus/firewall programs running. These entries below represent running processes and services relating to those two products:
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
The "Command Software" executable is Authentium antivirus. The "Blueyonder" PC Guard is also running. In addition to these two, you have your BullGuard antivirus and firewall application running. The BullGuard is the only one I wanted to see left in the log (since I thought that is the only one you wanted to keep).
Let's try a different way to see if we can uninstall the unwanted software. Click start-->all programs
look there for anything listed named "Blueyonder" or PCGuard. If located, move the cursor to that name to highlight it. Next, see if a drop down menu appears which may list other program components. If so, there could be listed there an uninstall string. It may be listed as "uninstall" but could also be listed as "unwise". You may even just see an icon listed there with a red line or red X through it. Any of those would be the uninstall string to the application. If located, click on it. The application should begin uninstalling. If nothing is located there, then do this:
Click start-->run
then type or copy and paste the following in the run box:
explorer.exe
then click 'OK'. When Windows Explorer opens, click "My Computer", then your local hard drive, then "Program Files". In the program files tree, scroll down the list and locate the folders for those programs respectively. For each, click the + sign next to the folder in the left pane. When the folder opens, look inside for the same thing as described above...the uninstall.exe or anything (as described above) that looks like an uninstaller for that program. Click on it to begin the uninstallation. If successful, in both cases for Authentium (Command Software) and Blueyonder (PCguard), reboot when finished.
Next, run HijackThis again and check the following:
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following files/folders indicated in bold text:
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\blueyonder\PCguard\fws.exe
Reboot the computer and post a new HijackThis log. Please advise how the computer is now performing for you and if you are having any other issues. Thanks!
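The manual review done in the post above (spotting more than one security product among the running processes, O4 autoruns and O23 services, plus the dumprep crash entries and HijackThis running from a temporary folder) can be scripted. This is an added example, not part of the original posts; the product-to-path table, the function names and the sample log (assembled from lines quoted in this thread) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: lower-case path fragments for the products named in this thread only.
PRODUCT_MARKERS = {
    "\\blueyonder\\pcguard\\": "Blueyonder PCguard",
    "\\command software\\": "Authentium (Command Software)",
    "\\bullguard software\\": "BullGuard",
    "\\zonelabs\\": "ZoneAlarm",
    "\\zone labs\\": "ZoneAlarm",
    "\\softwin\\bitdefender": "BitDefender",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - .* - (?P<path>[A-Za-z]:\\.*)$")

# Constructed sample: each line is quoted somewhere in this thread, assembled
# into a single log for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\DOCUME~1\Darren\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_log(text):
    """Return (kind, body) pairs: kind is 'process' or the entry code (R1, O4, O23...)."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            items.append((entry.group("code"), entry.group("body")))
        elif PROCESS_RE.match(line):
            items.append(("process", line))
    return items


def review(text, keep="BullGuard"):
    """Summarise the three things the helper looks for in the log.

    keep: the one security product the user chose to keep (assumption: BullGuard,
    as stated in the thread).
    """
    labels = {"process": "process", "O4": "autorun", "O23": "service"}
    evidence = defaultdict(set)   # product -> where it shows up in the log
    crash_markers = []            # dumprep autoruns, left behind after crashes
    hijackthis_in_temp = False    # HijackThis still running from a temp folder

    for kind, body in parse_log(text):
        low = body.lower()
        if kind == "process" and low.endswith("\\hijackthis.exe") and "\\temp\\" in low:
            hijackthis_in_temp = True
        if kind == "O4" and "\\dumprep " in low:
            crash_markers.append(body)
        if kind not in labels:
            continue
        label = labels[kind]
        if kind == "O23":
            service = SERVICE_RE.match(body)
            if service:
                label = "service:" + service.group("name")
        for marker, product in PRODUCT_MARKERS.items():
            if marker in low:
                evidence[product].add(label)

    return {
        "products": {name: sorted(found) for name, found in evidence.items()},
        "to_remove": sorted(name for name in evidence if name != keep),
        "crash_markers": crash_markers,
        "hijackthis_in_temp": hijackthis_in_temp,
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for product, found in sorted(result["products"].items()):
        print(f"{product}: {', '.join(found)}")
    print("Still to uninstall:", ", ".join(result["to_remove"]))
    print("dumprep entries:", len(result["crash_markers"]))
    print("HijackThis in temp folder:", result["hijackthis_in_temp"])
```

A product that still shows a `service:` or `process` label after an uninstall attempt has not been removed, whatever Add/Remove Programs reports.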
1972vet
3.3K Posts
0
July 12th, 2006 03:00
When you installed HijackThis, it installed to a temporary folder. Creating a permanent folder will ensure that HijackThis is not accidentally deleted when we clean out these directories.
1. Click on "My Computer -> C:". Under the File menu, please click "New -> Folder"
2. Rename the new folder (for example, type "HJT" without the quotes) and move the HijackThis.exe file into the new directory.
You appear to be running more than one antivirus program. Please decide which to keep and uninstall or disable the others.
Running more than one antivirus scanner in real time actually reduces your amount of protection. It also causes system instability and you run the risk of data loss from a complete system crash that the instability can cause.
Download Ewido anti-spyware to your desktop.
This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.
Close ewido anti-spyware.
Please boot into Safe mode:
Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:
Once the scan is complete do the following:
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left hand of the screen and save it to your Desktop.
Now close ewido anti-spyware.
Next, please run HijackThis again and check the following entries that may still be present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = T'internet
O4 - HKLM\..\Run: bikini.exe
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following files/folders indicated in Bold text:
C:\WINDOWS\system32\bikini.exe
You may also have a folder labeled "Bikini.(something)"; just do a search for "Bikini" but without the quote marks. Delete all instances found.
Reboot back to your normal user mode and post back a new HijackThis log along with the log from your Ewido scan. Please advise how the computer now performs for you and if you are having any other issues. Thanks!
Red Jackal
5 Posts
0
July 12th, 2006 16:00
Message Edited by Red Jackal on 07-12-2006 12:44 PM
Message Edited by Red Jackal on 07-12-2006 12:45 PM
Red Jackal
5 Posts
0
July 12th, 2006 16:00
Scan saved at 18:18:55, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\steam\steam.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Darren\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ManageEngine Firewall Analyzer 4.0 (firewallanalyzer) - Unknown owner - C:\AdventNet\ME\Firewall\bin\wrapper.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Message Edited by Red Jackal on 07-12-2006 12:23 PM
1972vet
3.3K Posts
0
July 12th, 2006 21:00
Quote:i did everything u said and here is the new logfile of hjt.
However, you did not move HijackThis to a permanent directory as instructed...you did not post your Ewido log...and you still have multi antivirus applications running. As well, upon further investigation, I determined that you also have two firewalls running (The BullGuard comes with both Antivirus and Firewall Software). With these multiple antivirus applications and firewalls, your system is slowed down considerably and the system crashes have already been explained.
Please do the following:
Click start-->control panel-->add/remove programs.
Scroll down the list and locate the following programs:
Blueyonder (PCguard)
Authentium Antivirus
BitDefender
ZoneAlarm
Click each program name to highlight it, then click Remove. Reboot the computer when finished uninstalling the software.
Post back a new HijackThis log which will show the remaining Antivirus application and firewall. Also, please post the Ewido scan log.
Red Jackal
5 Posts
0
July 13th, 2006 16:00
ewido anti-spyware - Scan Report
---------------------------------------------------------
::Report end
Red Jackal
5 Posts
0
July 13th, 2006 16:00
Scan saved at 18:52:12, on 13/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\hjt\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ManageEngine Firewall Analyzer 4.0 (firewallanalyzer) - Unknown owner - C:\AdventNet\ME\Firewall\bin\wrapper.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
1972vet
3.3K Posts
0
July 13th, 2006 20:00
The Authentium antivirus I can't find and I've never seen before? I did a search and I can't find anything for it??
OK, but your log shows that they both are running...and the "dumprep" entries in the log are evidence of system crashes probably resulting from the multiple antivirus/firewall programs running. These entries below represent running processes and services relating to those two products:
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
The "Command Software" executable is Authentium antivirus. The "Blueyonder" PC Guard is also running. In addition to these two, you have your BullGuard antivirus and firewall application running. The BullGuard is the only one I wanted to see left in the log (since I thought that is the only one you wanted to keep).
Let's try a different way to see if we can uninstall the unwanted software. Click start-->all programs
look there for anything listed named "Blueyonder" or PCGuard. If located, move the cursor to that name to highlight it. Next, see if a drop down menu appears which may list other program components. If so, there could be listed there an uninstall string. It may be listed as "uninstall" but could also be listed as "unwise". You may even just see an icon listed there with a red line or red X through it. Any of those would be the uninstall string to the application. If located, click on it. The application should begin uninstalling. If nothing is located there, then do this:
Click start-->run
then type or copy and paste the following in the run box:
explorer.exe
then click 'OK'. When Windows Explorer opens, click "My Computer", then your local hard drive, then "Program Files". In the program files tree, scroll down the list and locate the folders for those programs respectively. For each, click the + sign next to the folder in the left pane. When the folder opens, look inside for the same thing as described above...the uninstall.exe or anything (as described above) that looks like an uninstaller for that program. Click on it to begin the uninstallation. If successful, in both cases for Authentium (Command Software) and Blueyonder (PCguard), reboot when finished.
Next, run HijackThis again and check the following:
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
Close all windows except for HijackThis then click Fix Checked.
Locate and delete the following files/folders indicated in bold text:
C:\Program Files\Common Files\ Command Software\dvpapi.exe
C:\Program Files\ blueyonder\PCguard\fws.exe
Reboot the computer and post a new HijackThis log. Please advise how the computer is now performing for you and if you are having any other issues. Thanks!
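The check the reply above performs by eye (matching running processes, O4 autoruns and O23 services to each security product, and spotting the dumprep entries) can be scripted. This is an added example, not part of the original post; the product-to-path mapping and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: lower-cased path fragments for the products named in the reply.
PRODUCTS = {
    "\\common files\\command software\\": "Authentium (Command Software)",
    "\\blueyonder\\pcguard\\": "Blueyonder PCguard",
    "\\bullguard software\\": "BullGuard",
}
SERVICE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
AUTORUN = re.compile(r"^O4 - .+?: (?:\[[^\]]*\] )?(.+)$")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)

# Constructed sample: lines copied from the HijackThis log earlier in the thread.
SAMPLE_LOG = r"""C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe"""

def classify(line):
    """Return (kind, target) for a process, O4 or O23 line, else None."""
    if m := SERVICE.match(line):
        return "service", m.group(3)
    if m := AUTORUN.match(line):
        return "autorun", m.group(1)
    return ("process", line) if PROCESS.match(line) else None

def analyze(log):
    found, dumprep = defaultdict(set), []  # product -> evidence kinds; crash autoruns
    for line in map(str.strip, log.splitlines()):
        hit = classify(line)
        if hit is None:
            continue
        kind, target = hit[0], hit[1].lower()
        if kind == "autorun" and re.search(r"\\dumprep(\.exe)?\b", target):
            dumprep.append(line)
        for fragment, product in PRODUCTS.items():
            if fragment in target:
                found[product].add(kind)
    # A product is active if it has a running process or a service entry.
    active = sorted(p for p, k in found.items() if k & {"process", "service"})
    return {"active": active, "evidence": dict(found), "dumprep": dumprep}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

More than one name in `active` is the multiple-scanner condition the reply describes; after the uninstall and reboot, a fresh log should leave only the product being kept.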